CVE-2026-40980 - Moderate - CVE-2026-40980: OOM by attacker-controlled PDF
Spring
·
2026-04-27
·
via Spring Security Advisories
Description In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper . Only applications that use ForkPDFLayoutTextStripper and pass user-supplied input to DocumentReader s are affected. Affected Spring Products and Versions Spring AI: 1.0.0 - 1.0.x 1.1.0 - 1.1.x Mitigation Users of affected versions should upgrade to the corresponding fixed version. Affected version(s) Fix version Availability 1.0.x 1.0.6 OSS 1.1.x 1.1.5 OSS No further mitigation steps are necessary. References https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。