PT-2023-32598 · Apryse · Apryse Itext
Alkaidlx
+1
·
Published
2023-11-26
·
Updated
2024-08-02
·
CVE-2023-6298
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Apryse iText version 8.0.2
Description
A vulnerability was found in the function
main of the file PdfDocument.java, which affects the improper validation of array index. The attack can be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified issues might not apply to the software.Recommendations
For Apryse iText version 8.0.2, at the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apryse Itext