Every CVE whose affected-product data names Itextpdf Itext, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-43113 — CVSS 9.8 (critical): iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs…
CVE-2017-9096 — CVSS 8.8 (high): The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct…
CVE-2022-24198 — CVSS 6.5 (medium): iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows…
CVE-2022-24197 — CVSS 6.5 (medium): iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause…
CVE-2022-24196 — CVSS 6.5 (medium): iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw…
CVE-2023-6298 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file…
CVE-2023-6299 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of…