Description
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
Remediation
References
https://github.com/itext/itext7/pull/78
https://github.com/itext/itext7/pull/78#issuecomment-1089287808
Related Vulnerabilities
CVE-2017-16204 Vulnerability in npm package jquey
CVE-2021-44667 Vulnerability in maven package com.alibaba.nacos:nacos-common
CVE-2022-25863 Vulnerability in npm package gatsby-plugin-mdx
CVE-2014-3607 Vulnerability in maven package org.ldaptive:ldaptive
CVE-2014-0085 Vulnerability in maven package org.apache.zookeeper:zookeeper