VulnerableCode Package Details - pkg:maven/org.springframework.ai/spring-ai-pdf-document-reader@1.0.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.springframework.ai/spring-ai-pdf-document-reader@1.0.2

Essentials
History (1)

purl	pkg:maven/org.springframework.ai/spring-ai-pdf-document-reader@1.0.2

Next non-vulnerable version	1.0.6
Latest non-vulnerable version	1.1.5
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-mwz6-erut-yfd3 Aliases: CVE-2026-40980 GHSA-26gg-9gv2-v27j	In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)	1.0.6 Affected by 0 other vulnerabilities. 1.1.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-mwz6-erut-yfd3
Aliases:
CVE-2026-40980
GHSA-26gg-9gv2-v27j

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

1.0.6
Affected by 0 other vulnerabilities.

1.1.5
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T22:14:17.531221+00:00	GitLab Importer	Affected by	VCID-mwz6-erut-yfd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.ai/spring-ai-pdf-document-reader/CVE-2026-40980.yml	38.6.0