Vulnerabilities > Itextpdf

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-11-26 | CVE-2023-6298 | Unspecified vulnerability in Itextpdf Itext 8.0.2 | A vulnerability classified as problematic was found in Apryse iText 8.0.2. | network, low complexity, itextpdf, 6.5 |
| 2023-11-26 | CVE-2023-6299 | Memory Leak vulnerability in Itextpdf Itext 8.0.1 | A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. | network, low complexity, itextpdf, CWE-401, 6.5 |
| 2022-12-30 | CVE-2017-20151 | XXE vulnerability in Itextpdf Rups | A vulnerability classified as problematic was found in iText RUPS. | network, low complexity, itextpdf, CWE-611, critical, 9.8 |
| 2022-02-01 | CVE-2022-24196 | Allocation of Resources Without Limits or Throttling vulnerability in Itextpdf Itext | iText v7.1.17, up to (excluding) 7.1.18 and 7.2.2, was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | network, low complexity, itextpdf, CWE-770, 6.5 |
| 2022-02-01 | CVE-2022-24197 | Out-of-bounds Write vulnerability in Itextpdf Itext | iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | network, low complexity, itextpdf, CWE-787, 6.5 |
| 2022-02-01 | CVE-2022-24198 | Out-of-bounds Read vulnerability in Itextpdf Itext 7.1.17 | iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | network, low complexity, itextpdf, CWE-125, 6.5 |
| 2021-12-15 | CVE-2021-43113 | Command Injection vulnerability in multiple products | iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | network, low complexity, itextpdf debian, CWE-77, critical, 9.8 |
| 2017-11-08 | CVE-2017-9096 | XXE vulnerability in Itextpdf Itext | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | network, itextpdf, CWE-611, 6.8 |