Zanderhuang

**Name of the Vulnerable Software and Affected Versions** iText versions 7.1.17 through 7.1.17 **Description** The issue is related to an out-of-memory error via the component `readStreamBytesRaw`, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. **Recommendations** For iText version 7.1.17, consider updating to version 7.1.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `readStreamBytesRaw` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iText version 7.1.17 **Description** A stack-based buffer overflow was discovered in the component `ByteBuffer.append`, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. **Recommendations** For iText version 7.1.17, consider disabling the `ByteBuffer.append` component until a patch is available to prevent potential Denial of Service (DoS) attacks.

**Name of the Vulnerable Software and Affected Versions** iText version 7.1.17 **Description** The issue allows attackers to cause a Denial of Service (DoS) via a crafted PDF file, exploiting an out-of-bounds exception in the `ARCFOUREncryption.encryptARCFOUR` component. The vendor does not view this as a vulnerability and has not found it to be exploitable. **Recommendations** For version 7.1.17, consider disabling the `ARCFOUREncryption.encryptARCFOUR` component as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.