
    4 vulnerabilities found for FPDI by Setasign

    CVE-2026-45802 (GCVE-0-2026-45802)

    Vulnerability from nvd – Published: 2026-06-11 18:59 – Updated: 2026-06-12 13:49
    Title
    FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
    Summary
    FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Setasign FPDI Affected: < 2.6.7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45802",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T13:49:29.482088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T13:49:38.133Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FPDI",
              "vendor": "Setasign",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.6.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T18:59:36.226Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Setasign/FPDI/security/advisories/GHSA-2mgw-7q6p-8grg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Setasign/FPDI/security/advisories/GHSA-2mgw-7q6p-8grg"
            },
            {
              "name": "https://github.com/Setasign/FPDI/commit/1695cfcc7e01fe844a7296b3de90855a3fa65be6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Setasign/FPDI/commit/1695cfcc7e01fe844a7296b3de90855a3fa65be6"
            },
            {
              "name": "https://github.com/Setasign/FPDI/releases/tag/v2.6.7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Setasign/FPDI/releases/tag/v2.6.7"
            }
          ],
          "source": {
            "advisory": "GHSA-2mgw-7q6p-8grg",
            "discovery": "UNKNOWN"
          },
          "title": "FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45802",
        "datePublished": "2026-06-11T18:59:36.226Z",
        "dateReserved": "2026-05-13T08:19:32.603Z",
        "dateUpdated": "2026-06-12T13:49:38.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54869 (GCVE-0-2025-54869)

    Vulnerability from nvd – Published: 2025-08-05 23:34 – Updated: 2025-08-07 14:02
    Title
    FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser
    Summary
    FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is exposed to a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Setasign FPDI Affected: < 2.6.3

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-07T14:02:39.237166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-07T14:02:48.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FPDI",
              "vendor": "Setasign",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-05T23:34:17.937Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3"
            },
            {
              "name": "https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0"
            }
          ],
          "source": {
            "advisory": "GHSA-jxhh-4648-vpp3",
            "discovery": "UNKNOWN"
          },
          "title": "FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-54869",
        "datePublished": "2025-08-05T23:34:17.937Z",
        "dateReserved": "2025-07-31T17:23:33.473Z",
        "dateUpdated": "2025-08-07T14:02:48.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-45802 (GCVE-0-2026-45802)

    Vulnerability from cvelistv5 – Published: 2026-06-11 18:59 – Updated: 2026-06-12 13:49
    Title
    FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
    Summary
    FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Setasign FPDI Affected: < 2.6.7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45802",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T13:49:29.482088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T13:49:38.133Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FPDI",
              "vendor": "Setasign",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.6.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T18:59:36.226Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Setasign/FPDI/security/advisories/GHSA-2mgw-7q6p-8grg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Setasign/FPDI/security/advisories/GHSA-2mgw-7q6p-8grg"
            },
            {
              "name": "https://github.com/Setasign/FPDI/commit/1695cfcc7e01fe844a7296b3de90855a3fa65be6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Setasign/FPDI/commit/1695cfcc7e01fe844a7296b3de90855a3fa65be6"
            },
            {
              "name": "https://github.com/Setasign/FPDI/releases/tag/v2.6.7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Setasign/FPDI/releases/tag/v2.6.7"
            }
          ],
          "source": {
            "advisory": "GHSA-2mgw-7q6p-8grg",
            "discovery": "UNKNOWN"
          },
          "title": "FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45802",
        "datePublished": "2026-06-11T18:59:36.226Z",
        "dateReserved": "2026-05-13T08:19:32.603Z",
        "dateUpdated": "2026-06-12T13:49:38.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54869 (GCVE-0-2025-54869)

    Vulnerability from cvelistv5 – Published: 2025-08-05 23:34 – Updated: 2025-08-07 14:02
    Title
    FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser
    Summary
    FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is exposed to a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Setasign FPDI Affected: < 2.6.3

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-07T14:02:39.237166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-07T14:02:48.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FPDI",
              "vendor": "Setasign",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-05T23:34:17.937Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3"
            },
            {
              "name": "https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0"
            }
          ],
          "source": {
            "advisory": "GHSA-jxhh-4648-vpp3",
            "discovery": "UNKNOWN"
          },
          "title": "FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-54869",
        "datePublished": "2025-08-05T23:34:17.937Z",
        "dateReserved": "2025-07-31T17:23:33.473Z",
        "dateUpdated": "2025-08-07T14:02:48.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }