{"id":"CVE-2022-24196","details":"iText v7.1.17, up to (exluding)\": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.","aliases":["GHSA-hhh6-cm2m-3fhc"],"modified":"2026-04-10T04:45:19.361690Z","published":"2022-02-01T20:15:11.737Z","references":[{"type":"WEB","url":"https://github.com/itext/itext7/releases/tag/7.1.18"},{"type":"ADVISORY","url":"https://github.com/itext/itext7/pull/78"},{"type":"FIX","url":"https://github.com/itext/itext7/pull/78#issuecomment-1089279222"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/itext/itext-java","events":[{"introduced":"0"},{"fixed":"6c7d50c4edaaa16de30dcdb4990350a3262609c9"}]},{"type":"GIT","repo":"https://github.com/itext/itext7","events":[{"introduced":"0"},{"fixed":"a4ee38636686ea328e467ed72814d14fc23db35c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.2.2"}]}}],"versions":["7.0.0","7.0.0-RC.20160201","7.0.0-RC.20160321","7.0.0-RC.20160406","7.0.1","7.0.2","7.0.3","7.0.4","7.0.5","7.1.0","7.1.1","7.1.10","7.1.11","7.1.12","7.1.13","7.1.14","7.1.15","7.1.16","7.1.17","7.1.2","7.1.3","7.1.4","7.1.5","7.1.6","7.1.7","7.1.8","7.1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24196.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}