FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service — CVE-2026-45802
GitHub · GitHub · CVE-2026-45802
ID
CVE-2026-45802
CVE-2026-45802
Date
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
medium
medium
CVSS
6
6
Summary
### Impact This is a significant Denial of Service (DoS) vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. ### Patches Fixed as of version 2.6.7 ### Workarounds No.…
Product
composer: setasign/fpdi
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.