Vulmon
itextpdf itext vulnerabilities and exploits
7.5
CVSSv2
CVE-2021-43113
iTextPDF in iText 7 and up to 7.1.17 (excluding 4.4.13.3) allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
Itextpdf Itext
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2017-9096
The XML parsers in iText prior to 5.5.12 and 7.x prior to 7.0.3 do not disable external entities, which might allow remote malicious users to conduct XML external entity (XXE) attacks via a crafted PDF.
Itextpdf Itext 7.0.0
Itextpdf Itext 7.0.1
Itextpdf Itext 7.0.2
Itextpdf Itext
1 Github repository
4.3
CVSSv2
CVE-2022-24196
iText v7.1.17, up to (excluding) 7.1.18 and 7.2.2, contains an out-of-memory error via the component readStreamBytesRaw, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file.
Itextpdf Itext
4.3
CVSSv2
CVE-2022-24197
iText v7.1.17 contains a stack-based buffer overflow via the component ByteBuffer.append, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file.
Itextpdf Itext
4.3
CVSSv2
CVE-2022-24198
iText v7.1.17 contains an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exp...
Itextpdf Itext 7.1.17
NA
CVE-2023-6298
A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed...
Itextpdf Itext 8.0.2
NA
CVE-2023-6299
A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotel...
Itextpdf Itext 8.0.1
NA
CVE-2017-20151
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60...
Itextpdf Rups