190 matches found

Cvelist
added 2025/08/05 11:34 p.m. | 28 views

CVE-2025-54869 FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker...

CVSS 6 | EPSS 0.00279
Exploits 0 | References 2
OSV
added 2025/08/05 3:23 p.m. | 9 views

GHSA-JXHH-4648-VPP3 FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service

Impact: This is a significant Denial of Service (DoS) vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to...

CVSS 6 | AI score 6.3 | EPSS 0.00279
Exploits 0 | References 4
Github Security Blog
added 2025/08/05 3:23 p.m. | 9 views

FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service

Impact: This is a significant Denial of Service (DoS) vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to...

CVSS 6 | AI score 7 | EPSS 0.00279
Exploits 0 | References 4 | Affected Software 1
Mageia
added 2025/06/25 5:31 a.m. | 7 views

Updated clamav packages fix security vulnerability

Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. CVE-2025-20260...

CVSS 9.8 | AI score 8.5 | EPSS 0.01535
Exploits 0 | References 2
RedhatCVE
added 2025/02/05 2:43 p.m. | 12 views

CVE-2020-6074

An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.8 | AI score 7.8 | EPSS 0.40879
Exploits 1 | References 1
OSV
added 2024/09/17 2:41 a.m. | 8 views

MGASA-2024-0307 Updated clamav packages fix security vulnerabilities

Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. CVE-2024-20505 Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam'...

CVSS 7.5 | AI score 6.4 | EPSS 0.00555
Exploits 0 | References 3
Mageia
added 2024/09/17 2:41 a.m. | 22 views

Updated clamav packages fix security vulnerabilities

Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. CVE-2024-20505 Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam'...

CVSS 7.5 | AI score 7.1 | EPSS 0.00555
Exploits 0 | References 2
Tenable Nessus
added 2024/09/14 12:0 a.m. | 14 views

Fedora 40 : clamav (2024-e8f7a74693)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e8f7a74693 advisory. Update to 1.0.7 CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with...

CVSS 7.5 | AI score 6.5 | EPSS 0.00555
Exploits 0 | References 3
OSV
added 2024/09/04 10:15 p.m. | 0 views

UBUNTU-CVE-2024-20505

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a...

CVSS 7.5 | AI score 6.6 | EPSS 0.00555
Exploits 0 | References 5
Tenable Nessus
added 2024/05/21 12:0 a.m. | 23 views

openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:1673-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1673-1 advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...

CVSS 9.8 | AI score 7.4 | EPSS 0.04851
Exploits 1 | References 37
OSV
added 2024/03/06 11:4 a.m. | 25 views

BIT-PILLOW-2021-25292

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex...

CVSS 6.5 | AI score 7.1 | EPSS 0.01635
Exploits 0 | References 3
SUSE CVE
added 2023/07/19 11:26 p.m. | 3 views

SUSE CVE-2021-34119

A flaw was discovered in htmldoc 1.9.12 in function parse_paragraph in ps-pdf.cxx; this flaw possibly allows code execution and a denial of service via a crafted file...

CVSS 7.8 | AI score 7.3 | EPSS 0.00312
Exploits 1 | References 3
SUSE CVE
added 2023/02/15 6:18 a.m. | 2 views

SUSE CVE-2005-2097

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information...

CVSS 2.1 | AI score 6.4 | EPSS 0.00429
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:57 a.m. | 3 views

SUSE CVE-2010-3434

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party informatio...

CVSS 9.3 | AI score 8.2 | EPSS 0.06533
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:50 a.m. | 0 views

SUSE CVE-2011-3906

The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors...

CVSS 5 | AI score 8.9 | EPSS 0.01164
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 5:14 a.m. | 2 views

SUSE CVE-2015-6758

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...

CVSS 6.8 | AI score 9.4 | EPSS 0.01433
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 5:10 a.m. | 2 views

SUSE CVE-2015-8981

Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size...

CVSS 9.8 | AI score 7.8 | EPSS 0.02618
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 4:29 a.m. | 3 views

SUSE CVE-2018-8002

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...

CVSS 8.8 | AI score 9.3 | EPSS 0.08458
Exploits 5 | References 3
SUSE CVE
added 2023/02/15 4:20 a.m. | 2 views

SUSE CVE-2018-1000036

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file...

CVSS 5.5 | AI score 6.1 | EPSS 0.00974
Exploits 1 | References 3
SUSE CVE
added 2023/02/15 4:20 a.m. | 2 views

SUSE CVE-2018-1000037

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file...

CVSS 5.5 | AI score 6.1 | EPSS 0.01553
Exploits 1 | References 3