You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Andreas Rosdal edited this page Mar 13, 2022
·
4 revisions
OpenPDF is a secure, free Java library for creating and editing PDF files with a LGPL and MPL open source license.
OpenPDF is based on a fork of iText.
iText has 5 known security vulnerabilities, which are listed in the CVE details here. These vulnerabilities in old iText versions have been fixed in OpenPDF.
In particular, iText 2.1.7 has a serious security vulnerability: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
We recommend that you use OpenPDF, for a secure and maintained PDF library.