Skip to main content

Itext

4 CVEs product

Monthly

CVE-2023-6299 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1.java of the component Reference Table Handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Itext
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-6298 MEDIUM POC This Month

A vulnerability classified as problematic was found in Apryse iText 8.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Itext
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-43113 Maven CRITICAL POC PATCH Act Now

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Itext Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2017-9096 Maven HIGH PATCH This Week

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Itext
NVD
CVSS 3.0
8.8
EPSS
7.6%
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1.java of the component Reference Table Handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Itext
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A vulnerability classified as problematic was found in Apryse iText 8.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Itext
NVD VulDB
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Itext Debian Linux
NVD GitHub
EPSS 8% CVSS 8.8
HIGH PATCH This Week

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Itext
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy