[Security] wkhtmltopdf: request for private coordination (rendering stalls/high CPU under specific input)

James Doll

Sep 10, 2025, 7:55:49 AM
to wkhtmltopdf General
Hello wkhtmltopdf maintainers,

I’m reporting a security-relevant issue that causes wkhtmltopdf to stall and consume high CPU under specific input conditions.

• Affected version: 0.12.6.1 Latest (earlier/others not yet tested)
• Impact (high): excessive CPU usage during HTML→PDF rendering; risk of severe service disruption in automated pipelines
• PoC: available privately to maintainers upon request (not posting publicly to avoid misuse)

Please advise the best private/secure channel for details.

If I do not hear back within 5 business days (by Wed, Sep 17, 2025, PT), I will proceed via a coordinator (CERT/CC) and request a CVE from MITRE, per their researcher guidance.

Thank you,
@tequila_ninja
James Doll