Black Duck scans have reported new vulnerabilities related to iText:
CVE-2022-24197 (BDSA-2021-4193): iText is vulnerable to a stack-based buffer overflow. An attacker could exploit this flaw by tricking a victim into running a maliciously crafted file on the application, leading to a denial-of-service (DoS) condition.
Scanned version: 10.7.0.361
Release: 10.7.0, 10.8
Component: Introscope
Vulnerability Description: iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
This security vulnerability is about an attacker-supplied PDF. We do not use iText to read PDFs. Therefore, it is a false positive.