CVE-2025-54869

Source
https://cve.org/CVERecord?id=CVE-2025-54869
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54869.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54869
Aliases
Downstream
Published
2025-08-05T23:34:17.937Z
Modified
2026-04-10T05:30:41.037015Z
Severity
  • 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser
Details

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is exposed to a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54869.json",
    "cwe_ids": [
        "CWE-770"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/setasign/fpdi

Affected ranges

Type
GIT
Repo
https://github.com/setasign/fpdi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*
1.5.2
1.5.3
1.5.4
1.6.0
1.6.1
1.6.2
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.4.0
v2.4.1
v2.5.0
v2.6.0
v2.6.1
v2.6.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54869.json"