CVE-2021-43113

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43113

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43113.json

Aliases

• GHSA-gv87-q66h-4277

Related

• DLA-3273-1
• DSA-5323-1

Published

2021-12-15T07:15:07Z

Modified

2023-11-08T04:07:08.802574Z

Details

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

References

• https://www.debian.org/security/2023/dsa-5323
• https://lists.debian.org/debian-lts-announce/2023/01/msg00013.html
• https://pastebin.com/BXnkY9YY
• https://github.com/itext/itext7/releases/tag/7.1.17
• https://github.com/itext/itextpdf/releases/tag/5.5.13.3