Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04YzloLTRxN2ctZnA3aM0oEw
Out-of-bounds Read in iText
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
Permalink: https://github.com/advisories/GHSA-8c9h-4q7g-fp7hJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04YzloLTRxN2ctZnA3aM0oEw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Identifiers: GHSA-8c9h-4q7g-fp7h, CVE-2022-24198
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-24198
- https://github.com/itext/itext7/pull/78
- https://github.com/itext/itext7/pull/78#issuecomment-1089287808
- https://github.com/advisories/GHSA-8c9h-4q7g-fp7h
Blast Radius: 19.0
Affected Packages
maven:com.itextpdf:itext7-core
Dependent packages: 36Dependent repositories: 851
Downloads:
Affected Version Ranges: <= 7.1.17
Fixed in: 7.2.0
All affected versions: 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.1.11, 7.1.12, 7.1.13, 7.1.14, 7.1.15, 7.1.16, 7.1.17
All unaffected versions: 7.1.18, 7.1.19, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 8.0.0, 8.0.1, 8.0.2, 8.0.3