iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
itextpdf itext |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |