itext/itext-java

GitHub

github.com

itextpdf.com

Releases73

Frequency1 month 3 weeks

Last Release 2 months ago

Stars2.25K

iText for Java represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText can be a boon to nearly every workflow.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-24196 ↗	Feb 1, 2022Tuesday, 1 February 2022, 20:15	6.5 MEDIUM	4.3 MEDIUM
iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-24197 ↗	Feb 1, 2022Tuesday, 1 February 2022, 20:15	6.5 MEDIUM	4.3 MEDIUM
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-24198 ↗	Feb 1, 2022Tuesday, 1 February 2022, 20:15	6.5 MEDIUM	4.3 MEDIUM
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
CVE-2021-43113 ↗	Dec 15, 2021Wednesday, 15 December 2021, 07:15	9.8 CRITICAL	7.5 HIGH
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.