CVE-2025-54869

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54869

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54869.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-54869

Aliases

GHSA-jxhh-4648-vpp3

Published

2025-08-06T00:15:31Z

Modified

2025-08-08T06:50:04.007110Z

Summary

[none]

Details

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.

References

Affected packages

Debian:11 / icingaweb2-module-pdfexport

Package

Name: icingaweb2-module-pdfexport
Purl: pkg:deb/debian/icingaweb2-module-pdfexport?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.0-1.1

0.9.1-1

0.9.1-2

0.10.2+dfsg1-1

0.10.2+dfsg1-2

0.10.2+dfsg1-3

0.10.2+dfsg1-4

0.11.0+dfsg-1

0.11.0+dfsg-2

0.11.0+dfsg-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / icingaweb2-module-pdfexport

Package

Name: icingaweb2-module-pdfexport
Purl: pkg:deb/debian/icingaweb2-module-pdfexport?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.2+dfsg1-2

0.10.2+dfsg1-3

0.10.2+dfsg1-4

0.11.0+dfsg-1

0.11.0+dfsg-2

0.11.0+dfsg-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / icingaweb2-module-pdfexport

Package

Name: icingaweb2-module-pdfexport
Purl: pkg:deb/debian/icingaweb2-module-pdfexport?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.0+dfsg-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/setasign/fpdi

Affected ranges

Type: GIT
Repo: https://github.com/setasign/fpdi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ba671ba9221cffd32c2dda87316c19f522a1c5f0

Affected versions

1.*

1.5.2

1.5.3

1.5.4

1.6.0

1.6.1

1.6.2

v2.*

v2.0.0

v2.0.0-beta

v2.0.0-beta2

v2.0.0-rc1

v2.0.1

v2.0.2

v2.0.3

v2.1.0

v2.1.1

v2.2.0

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.4.0

v2.4.1

v2.5.0

v2.6.0

v2.6.1

v2.6.2

v2.6.3