Stirling-PDF Denial-of-Service Vulnerability in Watermark Functionality

A denial-of-service vulnerability has been identified in Stirling-PDF versions 2.1.5 prior to 2.5.2, specifically within the watermark feature at the '/api/v1/security/add-watermark' endpoint. This vulnerability allows authenticated users to exhaust server resources and cause crashes by submitting extreme values for the 'fontSize' and 'widthSpacer' parameters. The issue arises because the application fails to properly validate user input, leading to resource-intensive operations that can disrupt service for all users.

Impact

Exploitation of this vulnerability causes a significant increase in CPU and memory usage, leading to a complete denial-of-service condition that affects all users.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/v1/security/add-watermark' endpoint with extreme values for the 'fontSize' and 'widthSpacer' parameters. Include an authorization token and a PDF file in the request. The server will respond by processing the watermark addition, which will trigger the resource exhaustion and cause the server to crash.

Remediation

Users can upgrade to Stirling-PDF version 2.5.2 or later, where this vulnerability has been patched.