CVE-2017-20151 — Vulnetix

CVE-2017-20151 PUBLISHED

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability.

EPSS 0.31% · 54.2th percentile

Risk Scores

EPSS Score

0.31%

54.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	libitext-java	0, 2.1.7-12, 2.1.7-11
Ubuntu:16.04:LTS	libitext-java	2.1.7-10, 0, 2.1.7-9
Ubuntu:20.04:LTS	libitext-java	2.1.7-12, 0
Ubuntu:22.04:LTS	libitext-java	2.1.7-12, 0
Ubuntu:24.04:LTS	libitext-java	0, 2.1.7-16, 2.1.7-15
Ubuntu:25.10	libitext-java	2.1.7-16, 0

Exploit Intelligence

https://vuldb.com/?id.217054 (circl)
https://vuldb.com/?ctiid.217054 (circl)
https://github.com/itext/rups/commit/ac5590925874ef810018a6b60fec216eee54fb32 (circl)

Timeline

Dec 30, 2022 CVE Published
Dec 31, 2022 EPSS Score
Jan 10, 2023 CVE Updated
Feb 10, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 24, 2023 EPSS Score
May 4, 2023 EPSS Score
Jun 14, 2023 EPSS Score
Jul 25, 2023 EPSS Score
Sep 5, 2023 EPSS Score
Oct 16, 2023 EPSS Score
Nov 26, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-20151 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-20151 third-party-advisory

Open in Interactive Console →