
iText is insecure, use OpenPDF

Andreas Rosdal edited this page Mar 13, 2022 · 4 revisions

OpenPDF is a secure, free Java library for creating and editing PDF files, available under the LGPL and MPL open source licenses.
OpenPDF is based on a fork of iText.

iText has 5 known security vulnerabilities, which are listed in the CVE details here. These vulnerabilities in old iText versions have been fixed in OpenPDF.

In particular, iText 2.1.7 has a serious security vulnerability:
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

We recommend that you use OpenPDF if you need a secure and maintained PDF library.