Please report security issues by emailing ryan@databa.ai.
Do not open public GitHub issues for vulnerabilities until a fix has shipped. Acknowledgement target: within 72 hours. Fix target: within 14 days for high-severity issues, longer for issues that require a breaking change.
When reporting, please include:
- A description of the issue and its impact.
- Reproduction steps or a proof-of-concept, if you have one.
- The affected version(s) of spectre_rs.
- Any suggested mitigations.
spectre_rs parses untrusted PDF bytes. Caller-side hardening that
ships in the library:
- Resource bounds at the entry of every public extraction call — `MAX_PAGES`, `MAX_OUTPUT_BYTES`, `MAX_TABLES`. A crafted PDF claiming millions of pages, or one whose extracted text would exhaust memory, is refused with `ExtractError::LimitExceeded` rather than allowed to OOM the host process.
- Encrypted-document detection — PDFs carrying an `/Encrypt` entry in the trailer return `ExtractError::Encrypted` rather than silently producing garbled output from un-decrypted content streams.
- Per-page error surfacing — pages where the underlying parser fails return `ExtractError::PageExtractFailed { page, source }`, not silent empty strings.
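
The three behaviours above, shown as a self-contained sketch that is added here for illustration and is not spectre_rs source code. The limit values, the `DocView` type, the `extract_text` signature, the payload types of the error variants and the 1-based page numbering are all assumptions; only the variant and constant names come from this page.

```rust
// Added sketch of the hardening pattern; not spectre_rs source code.
// Limit values, types and signatures are assumptions for illustration.
const MAX_PAGES: usize = 1_000;
const MAX_OUTPUT_BYTES: usize = 64;

#[derive(Debug, PartialEq)]
enum ExtractError {
    LimitExceeded,
    Encrypted,
    PageExtractFailed { page: usize, source: String },
}

/// Hypothetical view of a document: what its trailer and page tree claim.
struct DocView<'a> {
    trailer_has_encrypt: bool,
    claimed_pages: usize,
    /// Per-page parser results (constructed stand-in for the real parser).
    pages: Vec<Result<&'a str, &'a str>>,
}

fn extract_text(doc: &DocView<'_>) -> Result<String, ExtractError> {
    // Refuse encrypted input up front instead of decoding ciphertext as text.
    if doc.trailer_has_encrypt {
        return Err(ExtractError::Encrypted);
    }
    // Check the claimed page count before any per-page work or allocation.
    if doc.claimed_pages > MAX_PAGES {
        return Err(ExtractError::LimitExceeded);
    }
    let mut out = String::new();
    for (i, page) in doc.pages.iter().enumerate() {
        // A parser failure carries its page number (1-based here, an
        // assumption) and is never collapsed into an empty string.
        let text = (*page).map_err(|e| ExtractError::PageExtractFailed {
            page: i + 1,
            source: e.to_string(),
        })?;
        // Enforce the output cap before appending, so growth stays bounded.
        if out.len() + text.len() > MAX_OUTPUT_BYTES {
            return Err(ExtractError::LimitExceeded);
        }
        out.push_str(text);
    }
    Ok(out)
}

fn main() {
    // Constructed input: a document claiming five million pages.
    let doc = DocView { trailer_has_encrypt: false, claimed_pages: 5_000_000, pages: vec![] };
    println!("{:?}", extract_text(&doc)); // Err(LimitExceeded)
}
```
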
Memory safety is provided by Rust + the lopdf parser (also pure
Rust). spectre_rs makes no FFI calls.
Only the latest minor release line is patched for security issues.
While spectre_rs is pre-1.0 (current line: 0.4.x), the API may
change between minor versions; security fixes will be backported to
the immediately preceding 0.x.y patch line on a best-effort basis.