7 matches found
CVE-2017-9096
The CVE-2017-9096 issue concerns the iText PDF library where XML parsers do not disable external entities, enabling XXE via crafted PDFs. Public docs identify the root cause as improper XML External Entity handling in iText before 5.5.12 and before 7.0.3, with IBM Bulletins noting fixes in IBM Da...
CVE-2021-43113
The CVE-2021-43113 case concerns iTextPDF (iText 7 era) where the CompareTool filename handling interacts with Ghostscript, enabling a command injection via GhostscriptHelper.java. Affected products/versions: iTextPDF before 7.1.17 (up to but not including 4.4.13.3); the Debian/libitext5-java adv...
CVE-2022-24197
CVE-2022-24197 affects iText 7.1.17, where a stack-based buffer overflow in ByteBuffer.append during PDF parsing can cause a Denial of Service. A fix is available in iText 7.1.18; organizations should upgrade to 7.1.18 to mitigate.
CVE-2022-24198
iText 7.1.17 contains an out-of-bounds condition in ARCFOUREncryption.encryptARCFOUR that can cause a Denial of Service when processing a crafted PDF. This aligns with CVE-2022-24198. Multiple connected sources corroborate the component and payload (ARCFOUREncryption.encryptARCFOUR; crafted PDF)....
CVE-2022-24196
CVE-2022-24196 affects iText Java PDF library versions up to (but not including) 7.1.18 and 7.2.2, with the root cause in the readStreamBytesRaw component. This creates an out-of-memory condition that can be exploited by a crafted PDF to cause a Denial of Service. Public sources identify vulnerab...
CVE-2023-6299
CVE-2023-6299 affects Apryse iText 8.0.1, with a memory leak in PdfDocument.java’s Reference Table Handler. The issue could be triggered remotely and has public exploits. The vendor fixed it in iText Core 8.0.2 (released Oct 25, 2023); upgrading to 8.0.2 or later is recommended.
CVE-2023-6298
CVE-2023-6298 affects Apryse iText 8.0.2, specifically the main function in PdfDocument.java, causing improper validation of an array index (out-of-bounds). The vulnerability can be triggered remotely and an exploit has been disclosed, though the real existence is publicly doubted by some sources...