Lucene search
K
ItextpdfItext

7 matches found

CVE
CVE
added 2017/11/08 4:0 p.m.311 views

CVE-2017-9096

The CVE-2017-9096 issue concerns the iText PDF library where XML parsers do not disable external entities, enabling XXE via crafted PDFs. Public docs identify the root cause as improper XML External Entity handling in iText before 5.5.12 and before 7.0.3, with IBM Bulletins noting fixes in IBM Da...

8.8CVSS8.3AI score0.09902EPSS
CVE
CVE
added 2021/12/15 12:0 a.m.137 views

CVE-2021-43113

The CVE-2021-43113 case concerns iTextPDF (iText 7 era) where the CompareTool filename handling interacts with Ghostscript, enabling a command injection via GhostscriptHelper.java. Affected products/versions: iTextPDF before 7.1.17 (up to but not including 4.4.13.3); the Debian/libitext5-java adv...

9.8CVSS9.3AI score0.05172EPSS
CVE
CVE
added 2022/02/01 12:0 a.m.94 views

CVE-2022-24197

CVE-2022-24197 affects iText 7.1.17, where a stack-based buffer overflow in ByteBuffer.append during PDF parsing can cause a Denial of Service. A fix is available in iText 7.1.18; organizations should upgrade to 7.1.18 to mitigate.

6.5CVSS6.4AI score0.01502EPSS
CVE
CVE
added 2022/02/01 12:0 a.m.90 views

CVE-2022-24198

iText 7.1.17 contains an out-of-bounds condition in ARCFOUREncryption.encryptARCFOUR that can cause a Denial of Service when processing a crafted PDF. This aligns with CVE-2022-24198. Multiple connected sources corroborate the component and payload (ARCFOUREncryption.encryptARCFOUR; crafted PDF)....

6.5CVSS6.3AI score0.00547EPSS
CVE
CVE
added 2022/02/01 12:0 a.m.86 views

CVE-2022-24196

CVE-2022-24196 affects iText Java PDF library versions up to (but not including) 7.1.18 and 7.2.2, with the root cause in the readStreamBytesRaw component. This creates an out-of-memory condition that can be exploited by a crafted PDF to cause a Denial of Service. Public sources identify vulnerab...

6.5CVSS6.2AI score0.01612EPSS
CVE
CVE
added 2023/11/26 11:0 p.m.66 views

CVE-2023-6299

CVE-2023-6299 affects Apryse iText 8.0.1, with a memory leak in PdfDocument.java’s Reference Table Handler. The issue could be triggered remotely and has public exploits. The vendor fixed it in iText Core 8.0.2 (released Oct 25, 2023); upgrading to 8.0.2 or later is recommended.

6.5CVSS5.4AI score0.00942EPSS
CVE
CVE
added 2023/11/26 11:0 p.m.57 views

CVE-2023-6298

CVE-2023-6298 affects Apryse iText 8.0.2, specifically the main function in PdfDocument.java, causing improper validation of an array index (out-of-bounds). The vulnerability can be triggered remotely and an exploit has been disclosed, though the real existence is publicly doubted by some sources...

6.5CVSS5.3AI score0.01101EPSS