Vulnerability Details : CVE-2023-6299
A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25th 2023, prior to the disclosure.
Products affected by CVE-2023-6299
- cpe:2.3:a:itextpdf:itext:8.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6299
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6299
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
VulDB | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
VulDB | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2023-6299
-
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-6299
-
https://kb.itextpdf.com/home/it7kb/releases/release-itext-core-8-0-2#ReleaseiTextCore8.0.2-Bugfixesandmiscellaneous
Release iText Core 8.0.2Release Notes
-
https://drive.google.com/file/d/1_jeD7SvuliKc_02pPTPbfSnqAErzmFny/view?usp=sharing
OutOfMemoryError-4fa24c63008cf0716e08a6447278e65274c9c4a8 - Google DriveBroken Link
-
https://vuldb.com/?id.246125
CVE-2023-6299: Apryse iText Reference Table PdfDocument.java memory leakThird Party Advisory
-
https://vuldb.com/?ctiid.246125
CVE-2023-6299: Apryse iText Reference Table PdfDocument.java memory leakThird Party Advisory
Jump to