What is GHSA-2mgw-7q6p-8grg?

GHSA-2mgw-7q6p-8grg is a security advisory published by GitHub Security Advisories with Medium severity. FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

Which CVE IDs does GHSA-2mgw-7q6p-8grg cover?

GHSA-2mgw-7q6p-8grg covers the following CVE IDs: CVE-2026-45802. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

Which products are affected by GHSA-2mgw-7q6p-8grg?

GHSA-2mgw-7q6p-8grg affects 1 product, including: composer/setasign/fpdi:\u003c 2.6.7.

GHSA-2mgw-7q6p-8grgMedium

FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

Vendor

GitHub Security Advisories

Published

May 19, 2026

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2026-45802 →

📋 Description

### Impact This is a significant Denial of Service (DoS) vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. ### Patches Fixed as of version 2.6.7 ### Workarounds No. ### References No.

🎯 Affected products1

composer/setasign/fpdi:< 2.6.7

🔗 References (2)

https://github.com/Setasign/FPDI/security/advisories/GHSA-2mgw-7q6p-8grg
https://github.com/advisories/GHSA-2mgw-7q6p-8grg