CVE Catalog

CVE-2026-45802

MediumCVSS 6.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile — higher than 12% of all known CVEs

Summary

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out.

Risk Assessment

Repeated attacks can lead to sustained service unavailability, impacting the continuity of the organization's operations.

Recommendation

It is recommended to upgrade to version 2.6.7 or later to patch this vulnerability and prevent potential attacks.

Original NVD description (English source)

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS