Vulmon
itextpdf itext vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-6298
A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed...
Itextpdf Itext 8.0.2
6.5
CVSSv3
CVE-2023-6299
A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotel...
Itextpdf Itext 8.0.1
9.8
CVSSv3
CVE-2017-20151
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60...
Itextpdf Rups
6.5
CVSSv3
CVE-2022-24197
iText v7.1.17 contains a stack-based buffer overflow via the component ByteBuffer.append, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file.
Itextpdf Itext
6.5
CVSSv3
CVE-2022-24198
iText v7.1.17 contains an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exp...
Itextpdf Itext 7.1.17
6.5
CVSSv3
CVE-2022-24196
iText v7.1.17, up to (excluding) 7.1.18 and 7.2.2, contains an out-of-memory error via the component readStreamBytesRaw, which allows malicious users to cause a Denial of Service (DoS) via a crafted PDF file.
Itextpdf Itext
9.8
CVSSv3
CVE-2021-43113
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
Itextpdf Itext
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2017-9096
The XML parsers in iText prior to 5.5.12 and 7.x prior to 7.0.3 do not disable external entities, which might allow remote malicious users to conduct XML external entity (XXE) attacks via a crafted PDF.
Itextpdf Itext 7.0.0
Itextpdf Itext 7.0.1
Itextpdf Itext 7.0.2
Itextpdf Itext
1 Github repository