{"id":"CVE-2026-45802","summary":"FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service","details":"FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7.","aliases":["GHSA-2mgw-7q6p-8grg"],"modified":"2026-07-08T08:05:17.433918173Z","published":"2026-06-11T18:59:36.226Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45802.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-400","CWE-770"]},"references":[{"type":"WEB","url":"https://github.com/Setasign/FPDI/releases/tag/v2.6.7"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45802.json"},{"type":"ADVISORY","url":"https://github.com/Setasign/FPDI/security/advisories/GHSA-2mgw-7q6p-8grg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45802"},{"type":"FIX","url":"https://github.com/Setasign/FPDI/commit/1695cfcc7e01fe844a7296b3de90855a3fa65be6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/setasign/fpdi","events":[{"introduced":"0"},{"fixed":"1695cfcc7e01fe844a7296b3de90855a3fa65be6"},{"fixed":"388c51e69982a3fc16698710b763e8107a49f510"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.6.7"}],"source":["AFFECTED_FIELD","REFERENCES"]}}],"versions":["v2.6.6","v2.6.5","v2.6.4","v2.6.3","v2.6.2","v2.6.1","v2.6.0","v2.5.0","v2.4.1","v2.4.0","v2.3.7","v2.3.6","v2.3.5","v2.3.4","v2.3.3","v2.3.2","v2.3.1","v2.3.0","v2.2.0","v2.1.1","v2.1.0","v2.0.3","v2.0.2","v2.0.1","v2.0.0","1.6.2","1.6.1","1.6.0","1.5.4","1.5.3","1.5.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45802.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}