Spring AI ForkPDFLayoutTextStripper Memory Allocation Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4. The issue arises when `ForkPDFLayoutTextStripper` processes a crafted PDF file, causing excessive memory allocation. This vulnerability affects applications that use `ForkPDFLayoutTextStripper` and accept user-supplied input to `DocumentReader`s.

Impact

Exploitation of this vulnerability leads to excessive memory consumption, causing applications to run out of memory and potentially terminate unexpectedly.

Remediation

Users should upgrade to Spring AI version 1.0.6 or 1.1.5, depending on their current version.
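To check a build against the ranges above, the following added example (not part of the advisory or of Spring AI) scans the text output of `mvn dependency:tree` or `gradle dependencies` for Spring AI artifacts and classifies each resolved version. It assumes the Maven group id `org.springframework.ai`, which the advisory does not state; the sample report lines are constructed.

```python
import re

# Affected ranges (inclusive) and fixed releases, as stated in the advisory.
AFFECTED = [((1, 0, 0), (1, 0, 5), "1.0.6"), ((1, 1, 0), (1, 1, 4), "1.1.5")]
GROUP = "org.springframework.ai"  # assumption: Spring AI's Maven group id
COORD = re.compile(re.escape(GROUP) + r":\S+")
VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
RESOLVED = re.compile(r"->\s*(\S+)")  # Gradle prints "declared -> resolved"

# Constructed sample: two Maven-style lines and two Gradle-style lines.
SAMPLE = """\
[INFO] +- org.springframework.ai:spring-ai-pdf-document-reader:jar:1.0.3:compile
+--- org.springframework.ai:spring-ai-pdf-document-reader:1.1.2 -> 1.1.5
+--- org.springframework.ai:spring-ai-commons:1.1.0-SNAPSHOT
[INFO] +- org.apache.pdfbox:pdfbox:jar:3.0.3:compile
"""


def classify(version):
    """Return (status, fixed_release) for one version string."""
    m = VERSION.match(version)
    if not m:
        return "unparsed", None
    triple, qualifier = tuple(int(x) for x in m.groups()[:3]), m.group(4)
    for low, high, fixed in AFFECTED:
        if low <= triple <= high:
            # Qualified builds (milestone, RC, snapshot) are not named by the advisory.
            return ("review" if qualifier else "affected"), fixed
    return "not-listed", None


def scan(report):
    """Return (artifact, version, status, fixed_release) for each Spring AI line."""
    findings = []
    for line in report.splitlines():
        coord = COORD.search(line)
        if not coord:
            continue
        fields = coord.group(0).split(":")
        # Maven puts the packaging (and maybe a classifier) before the version.
        version = next((f for f in fields[2:] if VERSION.match(f)), None)
        resolved = RESOLVED.search(line[coord.end():])
        if resolved:
            version = resolved.group(1)  # the version Gradle actually selected
        findings.append((fields[1], version) + classify(version or ""))
    return findings


if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A status of `review` marks a qualified build whose base version falls inside an affected range; the advisory lists release versions only, so those need a manual decision.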

Added: Apr 28, 2026, 9:34 AM
Updated: Apr 28, 2026, 9:34 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 6.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.