PT-2025-31943 · Fpdi · Fpdi

N0Zom1Z0

Published

2025-08-05

Updated

2025-08-06

CVE-2025-54869

Report an issue

CVSS v4.0

6.0

Vector

AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions:

FPDI versions 2.6.2 and below

Description:

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. A malicious PDF file can cause a server-side script to crash due to memory exhaustion, leading to a Denial of Service (DoS). Repeated attacks can lead to sustained service unavailability.

Recommendations:

Update to version 2.6.3 or later.

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2025-54869

GHSA-JXHH-4648-VPP3

Affected Products

Fpdi

PT-2025-31943 · Fpdi · Fpdi

Weakness Enumeration

Related Identifiers

Affected Products

References · 9