IronPDF - Security CVE

Please see information below regarding IronPDF:

  1. All Iron Software products are DigiCert certified
  2. IronPDF does not use web services nor send data across the internet
  3. No COM or COM+ interfaces are exposed in the IronPdf.dll
  4. The library is written in C# which protects implicitly from many common attack vectors
  5. As few entry points as possible to our API are exposed
  6. Strong naming and sophisticated tamper protection
  7. Regularly scanned with multiple anti-virus/anti-malware scanners, using highest security and heuristic search for potential threats
  8. Every line of code goes though at least two levels of human review by senior engineers to check for security vulnerabilities
  9. We will disclose that the software will access un-managed (C++) code:

pdfium.dll - which is used in internal operations. No direct executable entry point to this DLL is distributed nor exposed.