Vulnerabilities > Itextpdf > Itext
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-26 | CVE-2023-6298 | Unspecified vulnerability in Itextpdf Itext 8.0.2 A vulnerability classified as problematic was found in Apryse iText 8.0.2. | 6.5 |
| 2023-11-26 | CVE-2023-6299 | Memory Leak vulnerability in Itextpdf Itext 8.0.1 A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. | 6.5 |
| 2022-02-01 | CVE-2022-24196 | Allocation of Resources Without Limits or Throttling vulnerability in Itextpdf Itext iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 |
| 2022-02-01 | CVE-2022-24197 | Out-of-bounds Write vulnerability in Itextpdf Itext iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 |
| 2022-02-01 | CVE-2022-24198 | Out-of-bounds Read vulnerability in Itextpdf Itext 7.1.17 iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 |
| 2021-12-15 | CVE-2021-43113 | Command Injection vulnerability in multiple products iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | 9.8 |
| 2017-11-08 | CVE-2017-9096 | XXE vulnerability in Itextpdf Itext The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | 6.8 |