| CVE ID | Description | Severity | | :--- | :--- | :--- | | | Remote Code Execution via PDF parsing (malicious PDFs can execute arbitrary Java code). | Critical (9.8/10) | | CVE-2017-9096 | XML External Entity (XXE) injection in the XML worker module, allowing file disclosure. | High (7.5/10) | | CVE-2016-4230 | Denial of Service (DoS) via a crafted PDF that causes infinite recursion. | Medium (5.5/10) |
Are you looking to in a JasperReport project, or are you trying to find the download link for this specific version? itext-2.1.7.js9.jar
This is the most dangerous area. The suffix .js9 implies the code has been from the original iText 2.1.7. | CVE ID | Description | Severity |
: Address security vulnerabilities or rendering issues that the original 2009 release contained. Improve Font Support : Add better handling for specific character sets or Indic languages Maintain Compatibility : Ensure that JasperReports' PdfGraphics2D | Medium (5
In the world of Java development, PDF generation and manipulation are common requirements. The iText library has long been the de facto standard for these tasks. However, navigating the version history of iText—especially the licensing changes between versions 2.1.7 and 5.0.0—can be a minefield. One particularly unusual filename you may encounter in legacy projects or obscure repositories is .