cve-2023-6299
Vulnerability from cvelistv5
Published
2023-11-26 23:00
Modified
2024-08-02 08:28
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25th 2023, prior to the disclosure.
References
cna@vuldb.comhttps://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharingBroken Link
cna@vuldb.comhttps://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-BugfixesandmiscellaneousRelease Notes
cna@vuldb.comhttps://vuldb.com/?ctiid.246125Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?id.246125Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharingBroken Link
af854a3a-2127-422b-91ae-364da2661108https://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-BugfixesandmiscellaneousRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?ctiid.246125Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.246125Third Party Advisory
Impacted products
Vendor Product Version
Apryse iText Version: 8.0.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.246125"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.246125"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-Bugfixesandmiscellaneous"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Reference Table Handler"
          ],
          "product": "iText",
          "vendor": "Apryse",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "AlkaidLx (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "yulian.gaponenko (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25th 2023, prior to the disclosure."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Apryse iText 8.0.1 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei PdfDocument.java der Komponente Reference Table Handler. Dank der Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 8.0.2 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Memory Leak",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-29T16:43:18.425Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.246125"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.246125"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-Bugfixesandmiscellaneous"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-11-26T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-11-29T17:47:21.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Apryse iText Reference Table PdfDocument.java memory leak"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-6299",
    "datePublished": "2023-11-26T23:00:05.998Z",
    "dateReserved": "2023-11-26T07:28:01.206Z",
    "dateUpdated": "2024-08-02T08:28:21.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-6299\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2023-11-26T23:15:07.883\",\"lastModified\":\"2024-11-21T08:43:33.903\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25th 2023, prior to the disclosure.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad fue encontrada en Apryse iText 8.0.2 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo PdfDocument.java del componente Reference Table Handler. La manipulaci\u00f3n conduce a una p\u00e9rdida de memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-246125. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:itextpdf:itext:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAE116EF-8351-440A-BF9A-90B4A51AADAB\"}]}]}],\"references\":[{\"url\":\"https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-Bugfixesandmiscellaneous\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://vuldb.com/?ctiid.246125\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.246125\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-Bugfixesandmiscellaneous\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://vuldb.com/?ctiid.246125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.246125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.