itextpdf itext vulnerabilities and exploits
NA
CVE-2023-6298
A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed...
Itextpdf Itext 8.0.2
NA
CVE-2023-6299
A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotel...
Itextpdf Itext 8.0.1
NA
CVE-2017-20151
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60...
Itextpdf Rups
4.3
CVSSv2
CVE-2022-24196
iText v7.1.17, up to (excluding) 7.1.18 and 7.2.2, contains an out-of-memory error via the component readStreamBytesRaw, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file.
Itextpdf Itext
4.3
CVSSv2
CVE-2022-24197
iText v7.1.17 contains a stack-based buffer overflow via the component ByteBuffer.append, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file.
Itextpdf Itext
4.3
CVSSv2
CVE-2022-24198
iText v7.1.17 contains an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exp...
Itextpdf Itext 7.1.17
7.5
CVSSv2
CVE-2021-43113
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
Itextpdf Itext
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2017-9096
The XML parsers in iText prior to 5.5.12 and 7.x prior to 7.0.3 do not disable external entities, which might allow remote malicious users to conduct XML external entity (XXE) attacks via a crafted PDF.
Itextpdf Itext 7.0.0
Itextpdf Itext 7.0.1
Itextpdf Itext 7.0.2
Itextpdf Itext
1 Github repository