RSS   Podatności dla 'Itext'   RSS

2022-02-01
 
CVE-2022-24196

CWE-770
 

 
iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

 
 
CVE-2022-24197

CWE-787
 

 
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

 
 
CVE-2022-24198

CWE-125
 

 
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

 
2021-12-15
 
CVE-2021-43113

CWE-77
 

 
iTextPDF in iText before 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

 
2017-11-08
 
CVE-2017-9096

CWE-611
 

 
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

 


Copyright 2024, cxsecurity.com

 

Back to Top