com.itextpdf:itext7-core

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.itextpdf:itext7-corepage 1 of 1

CVE-2021-43113CRITICALCVSS 9.8EG 9.8✓ Fixed in 7.1.17
2021-12-15
vulnerable: 7.0.2 ... 7.1.9 (24 versions)
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
CVE-2022-24196MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.1.18
2022-02-01
vulnerable: 7.0.2 ... 7.1.9 (25 versions)
iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-24197MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.1.18
2022-02-01
vulnerable: 7.0.2 ... 7.1.9 (25 versions)
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-24198MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.2.0
2022-02-01
vulnerable: 7.0.2 ... 7.1.9 (26 versions)
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a v…

Check whether com.itextpdf:itext7-core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.itextpdf:itext7-core CVEs against the assets you own.

Start Free Scan →