RUSTSEC-2026-0201
Non-painting replaced elements amplify to thousands of blank PDF pages (denial of service)
Details
`fulgur` converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.26.0, a childless box that resolved to a pathologically tall height was amplified into thousands of blank PDF pages, even when it produced no visible output.
The childless-collapse defense that would normally collapse such a box was gated by a tag-only "replaced content" check, so any non-painting replaced element bypassed it, including an unresolved `src` (the common offline-first case), a `visibility:hidden` image, an undecodable image format, and an empty `<svg>`. A trailing-sibling variant of the same gap was also open.
A few bytes of HTML therefore amplified into roughly `MAX_PAGES` (10,000) blank pages; the renderer allocates and runs a per-page loop over them, producing CPU and memory exhaustion. An attacker able to submit HTML to a fulgur-based conversion service can trigger this with a trivially small payload, denying service to the host and any co-tenants.
Fixed in 0.26.0: the tag-only gate was removed so that any pathologically tall childless box collapses regardless of whether it is a replaced element, closing the missing-`src`, `visibility:hidden`, undecodable-format, and empty-`<svg>` vectors along with the trailing-sibling variant.
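The gate before and after the fix, as an added example in Rust: this is a simplified model written for this page, not fulgur's code. The types, function names, `PAGE_HEIGHT_PX` and `PATHOLOGICAL_PX` are assumptions; only `MAX_PAGES` (10,000) comes from the advisory.

```rust
// Simplified model of the collapse decision described in this advisory.
// NOT fulgur's code: the types, names and both height constants are assumptions.
const MAX_PAGES: u32 = 10_000; // page-count cap named in the advisory
const PAGE_HEIGHT_PX: f64 = 1_000.0; // assumed page content height
const PATHOLOGICAL_PX: f64 = 1_000_000.0; // assumed "pathologically tall" threshold

pub struct LayoutBox {
    pub tag: &'static str,
    pub child_count: usize,
    pub height_px: f64,
}

/// Tag-only "replaced content" check: inspects the element name only,
/// never whether the element actually paints anything.
fn is_replaced_tag(tag: &str) -> bool {
    matches!(tag, "img" | "svg")
}

/// Before 0.26.0, as described: replaced tags are exempt from the collapse.
pub fn height_gated(b: &LayoutBox) -> f64 {
    let tall_and_childless = b.child_count == 0 && b.height_px >= PATHOLOGICAL_PX;
    if tall_and_childless && !is_replaced_tag(b.tag) { 0.0 } else { b.height_px }
}

/// 0.26.0, as described: every pathologically tall childless box collapses.
pub fn height_fixed(b: &LayoutBox) -> f64 {
    let tall_and_childless = b.child_count == 0 && b.height_px >= PATHOLOGICAL_PX;
    if tall_and_childless { 0.0 } else { b.height_px }
}

/// Pages the per-page loop would run over for a box of this height.
pub fn pages_for(height_px: f64) -> u32 {
    let pages = (height_px / PAGE_HEIGHT_PX).ceil().max(1.0);
    if pages >= MAX_PAGES as f64 { MAX_PAGES } else { pages as u32 }
}

fn main() {
    // Constructed boxes: a non-painting <img>, an empty <div>, an ordinary image.
    let samples = [
        LayoutBox { tag: "img", child_count: 0, height_px: 1e9 },
        LayoutBox { tag: "div", child_count: 0, height_px: 1e9 },
        LayoutBox { tag: "img", child_count: 0, height_px: 400.0 },
    ];
    for b in &samples {
        let (before, after) = (pages_for(height_gated(b)), pages_for(height_fixed(b)));
        println!("<{}> {} px: {} pages gated, {} pages fixed", b.tag, b.height_px, before, after);
    }
}
```

In the model, only the replaced-tag box changes between the two functions: it goes from the `MAX_PAGES` ceiling to a single page, while the non-replaced box and the ordinary image render one page either way.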
Versions prior to 0.19.0 additionally lacked any page-count cap, allowing an unbounded (rather than 10,000-page) variant of this amplification; that earlier variant is tracked separately as GHSA-j5cx-ph8g-95v3.
## Attack Vector rationale
`fulgur` performs no network I/O of its own; it renders HTML/CSS handed to it by the embedding application. This advisory scores the crate independent of any specific adopting program, so per the CVSS v3.1 User Guide §3.7 the Attack Vector is assessed as Network for the reasonable worst-case deployment — a network-facing service that renders untrusted HTML without user interaction. A concrete system that receives the HTML in one component and passes it to fulgur in a separate component may assess a lower environmental Attack Vector (Local, per §3.10).
Affected packages
0.0.0-0 Fixed in: 0.26.0 Upgrade fulgur to 0.26.0 or newer (ecosystem crates.io).