Vulnerabilities > Itextpdf > Itext > 7.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-01 | CVE-2022-24196 | Allocation of Resources Without Limits or Throttling vulnerability in Itextpdf Itext iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 |
| 2022-02-01 | CVE-2022-24197 | Out-of-bounds Write vulnerability in Itextpdf Itext iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 |
| 2021-12-15 | CVE-2021-43113 | Command Injection vulnerability in multiple products iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | 9.8 |
| 2017-11-08 | CVE-2017-9096 | XXE vulnerability in Itextpdf Itext The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | 8.8 |