CVE-2021-43113

Опубликовано: 15 дек. 2021

Источник: debian

Описание

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libitext5-java	fixed	5.5.13.3-1		package

Примечания

https://github.com/itext/itextpdf/commit/ce8bbacd631e13717a91f02e9cbd9814b9dc2cca (5.5.13.3)

Связанные уязвимости

CVE-2021-43113

CVSS3: 9.8

ubuntu

около 4 лет назад

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

CVE-2021-43113

CVSS3: 9.8

nvd

около 4 лет назад

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

GHSA-gv87-q66h-4277

CVSS3: 9.8

github

около 4 лет назад

Command injection in itext7-core