Out-of-bounds Write
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Advisories for Maven/Com.itextpdf/Itext7-Core package
2022
Out-of-bounds Read
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Allocation of Resources Without Limits or Throttling
iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
2021
Improper Neutralization of Special Elements used in a Command ('Command Injection')
iTextPDF in iText 7 and up to allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.