← Back to feed
Security patch:
[MODERATE] GHSA-2mgw-7q6p-8grg: FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
GitHub Security Advisory·Security·SecurityFix·5/19/2026
### Impact This is a significant Denial of Service (DoS) vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repe
Why it matters → A security vulnerability was patched. Upgrade affected versions to mitigate risk.
Who should care → Anyone running affected versions in production.
setasign/fpdi
View original source ↗Source payload preview
{
"ghsaId": "GHSA-2mgw-7q6p-8grg",
"summary": "FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service",
"severity": "MODERATE",
"updatedAt": "2026-05-19T19:56:20Z",
"references": [
{
"url": "https://github.com/Setasign/FPDI/security/advisories/GHSA-2mgw-7q6p-8grg"
},
{
"url": "https://github.com/advisories/GHSA-2mgw-7q6p-8grg"
}
],
"description": "### Impact\nThis is a significant Denial of Service (DoS) vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability.\n\n### Patches\nFixed as of
…