Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade @pdfme/pdf-lib to version 5.5.10 or higher.
@pdfme/pdf-lib is a Create and modify PDF files with JavaScript
Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) through the ensureBuffer function in the stream decoding. An attacker can exhaust system memory and cause application crashes by supplying a specially crafted PDF file with a highly compressed FlateDecode stream.