FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF...

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.

Basic Information

ID CVE-2025-54869

Source GitHub_M

Published Aug 5, 2025 at 23:34

Modified Aug 7, 2025 at 14:02

Affected Product

Vendor Setasign

Product FPDI

Version < 2.6.3

Affected Versions Setasign FPDI < 2.6.3

CWE Classification

CWE-770

References

{
    "lastseen": "",
    "description": "FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.",
    "published": "2025-08-05T23:34:17.937Z",
    "modified": "2025-08-07T14:02:48.590Z",
    "type": "cve",
    "title": "FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser",
    "source": "GitHub_M",
    "references": "https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3\nhttps://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0",
    "id": "CVE-2025-54869",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "Setasign FPDI < 2.6.3",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FPDI",
    "version": "< 2.6.3",
    "vendor": "Setasign",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser_CVE-2025-54869