Vulnerabilities > Itextpdf > Itext > 7.1.2

DATE CVE VULNERABILITY TITLE RISK
2022-02-01 CVE-2022-24196 Allocation of Resources Without Limits or Throttling vulnerability in Itextpdf Itext
iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
network
low complexity
itextpdf CWE-770
6.5
6.5
2022-02-01 CVE-2022-24197 Out-of-bounds Write vulnerability in Itextpdf Itext
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
network
low complexity
itextpdf CWE-787
6.5
6.5
2021-12-15 CVE-2021-43113 Command Injection vulnerability in multiple products
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
network
low complexity
itextpdf debian CWE-77
critical
 9.8
9.8