PT-2023-32598 · Apryse · Apryse Itext

Alkaidlx

Publicado

2023-11-26

Atualizado

2024-08-02

CVE-2023-6298

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apryse iText version 8.0.2

Description A vulnerability was found in the function main of the file PdfDocument.java, which affects the improper validation of array index. The attack can be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified issues might not apply to the software.

Recommendations For Apryse iText version 8.0.2, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Improper Validation of Array Index

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-129

Identificadores relacionados

CVE-2023-6298

Produtos afetados

Apryse Itext

PT-2023-32598 · Apryse · Apryse Itext

CVE-2023-6298

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13