CVE-2022-24196

Name of the Vulnerable Software and Affected Versions iText versions 7.1.17 through 7.1.17

Description The issue is related to an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Recommendations For iText version 7.1.17, consider updating to version 7.1.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of the readStreamBytesRaw component until a patch is available.