Vulnerabilities > Itextpdf > Itext > 5.3.0

DATE CVE VULNERABILITY TITLE RISK
2022-02-01 CVE-2022-24196 Allocation of Resources Without Limits or Throttling vulnerability in Itextpdf Itext
iText v7.1.17, up to (excluding) 7.1.18 and 7.2.2, was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
network
low complexity
itextpdf CWE-770
6.5
2022-02-01 CVE-2022-24197 Out-of-bounds Write vulnerability in Itextpdf Itext
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
network
low complexity
itextpdf CWE-787
6.5
2017-11-08 CVE-2017-9096 XXE vulnerability in Itextpdf Itext
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
network
itextpdf CWE-611
6.8