Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-54869

Опубликовано: 06 авг. 2025
Источник: debian

Описание

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
icingaweb2-module-pdfexportunfixedpackage

Примечания

  • https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3

  • https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0

  • icingaweb2-module-pdfexport embedds FPDI but likely not affected by the CVE, as

  • the CVE is on the PDF parser while importing an untrusted PDF. icingaweb2-module-pdfexport

  • exports a controlled PDF.

Связанные уязвимости

ubuntu
23 дня назад

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.

nvd
23 дня назад

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.

github
23 дня назад

FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service