Maven package
com.itextpdf/itextpdf
pkg:maven/com.itextpdf/itextpdf
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-43113 | — | | | < 5.5.13.3 | 5.5.13.3 | Dec 15, 2021 | iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. |
| CVE-2017-9096 | High | 8.8 | | < 5.5.12 | 5.5.12 | Nov 8, 2017 | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. |