How severe is CVE-2023-6298?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-6298?

This is classified as CWE-129, which is a common weakness in software security.

CVE-2023-6298 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified CWEs might not apply to the software.

Related Vulnerabilities

CVE-2019-1000016

MEDIUM

CVSS:6.5(Medium)

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via speciall...

CWE-1292019

CVE-2020-17398

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the...

CWE-1292020

CVE-2020-20412

MEDIUM

CVSS:6.5(Medium)

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.

CWE-1292020