Maven package
com.itextpdf/itext7-core
pkg:maven/com.itextpdf/itext7-core
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24198 | — | | | < 7.2.0 | 7.2.0 | Feb 1, 2022 | iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be e |
| CVE-2022-24197 | — | | | < 7.1.18 | 7.1.18 | Feb 1, 2022 | iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2022-24196 | — | | | < 7.1.18 | 7.1.18 | Feb 1, 2022 | iText v7.1.17, up to (excluding) 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2021-43113 | — | | | < 7.1.17 | 7.1.17 | Dec 15, 2021 | iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. |