cvedb.io
CVE-2021-43113
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-12-15T07:15:07.453 · Last modified 2026-06-17T04:10:31.607

Summary

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

Affected products

itextpdf — itext

Does this affect you?

Add your gear to cvedb and we'll alert you only when itextpdf ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.