CVE-2017-9096
Description
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
8.838
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2017-9096 is fixed in iText-itextpdf 5.5.12 | Windows |
| CVE-2017-9096 is fixed in iText-itextpdf 7.0.3 | Windows |
| CVE-2017-9096 affects Lowagie - itext 4.2.2 | Windows |
| CVE-2017-9096 is fixed in iText-itextpdf for Linux 5.5.12 | Linux |
| CVE-2017-9096 is fixed in iText-itextpdf for Linux 7.0.3 | Linux |
| CVE-2017-9096 affects Lowagie - itext for Linux 4.2.2 | Linux |
| Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-9096) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234