PT-2017-18699 · Itext · Itext

Published: 2017-05-10 · Updated: 2022-05-13 · CVE-2017-9096

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: iText versions prior to 5.5.12; iText versions 7.x prior to 7.0.3

Description: The issue is related to the XML parsers in the software, which do not disable external entities. This could allow remote attackers to conduct XML external entity (XXE) attacks by using a crafted PDF. XXE attacks exploit an application's processing of external entities in XML documents, potentially leading to unauthorized access to data or systems.

Recommendations: For iText versions prior to 5.5.12, update to version 5.5.12 or later. For iText versions 7.x prior to 7.0.3, update to version 7.0.3 or later.
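As an added illustration of the parser setting the description refers to (this is not code from the advisory or from iText itself), the following Java snippet builds a JAXP DocumentBuilderFactory with DTD and external-entity handling switched off, then checks it against a constructed XMP-style fragment that declares an external entity; the feature URIs are the standard Xerces/JAXP ones, and the SYSTEM URI in the sample is a placeholder.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class XxeHardeningCheck {

    // Parser configuration with DTD handling switched off. A parser that does not
    // support one of these features throws ParserConfigurationException, which is
    // preferable to silently continuing with external entities enabled.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Returns true only if the parser refused the document at the DOCTYPE, i.e.
    // before any external entity could be resolved. Anything else (a successful
    // parse, an I/O error, a configuration error) counts as the check failing.
    static boolean refusesDoctype(DocumentBuilderFactory f, String xml) {
        try {
            DocumentBuilder b = f.newDocumentBuilder();
            b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return false;                 // parsed: the DOCTYPE was accepted
        } catch (SAXException e) {
            return true;                  // fatal "DOCTYPE is disallowed" error
        } catch (Exception e) {
            return false;                 // not the rejection we are looking for
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an XMP-style metadata fragment carrying an external
        // entity declaration. The SYSTEM URI is a placeholder, not a real location.
        String xmpWithDtd =
            "<?xml version=\"1.0\"?>\n" +
            "<!DOCTYPE x [ <!ENTITY ext SYSTEM \"http://example.invalid/PLACEHOLDER\"> ]>\n" +
            "<x:xmpmeta xmlns:x=\"adobe:ns:meta/\"><note>&ext;</note></x:xmpmeta>";

        boolean safe = refusesDoctype(hardenedFactory(), xmpWithDtd);
        System.out.println(safe ? "hardened parser refused the DOCTYPE"
                                : "parser accepted the DOCTYPE: XXE exposure remains");
    }
}
```

A factory obtained from DocumentBuilderFactory.newInstance() without these settings resolves the SYSTEM reference when the entity is used, which is the behaviour the advisory describes.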

Exploit

Fix

XXE


Weakness Enumeration

Related Identifiers

BDU:2025-04265
CVE-2017-9096
GHSA-86P9-X5PW-94QX

Affected Products

Itext