Compliance

The memory-safe PDF library.

US and EU regulators are actively pushing organizations away from C-based PDF dependencies. PDFluent is written in Rust — no C, no CVEs, no manual memory management.

Code example

rust
use pdfluent::PdfDocument;

// The Result type makes error handling explicit — no segfaults possible.
// Buffer overflows and use-after-free bugs are eliminated by the Rust compiler.
fn process_pdf(path: &str) -> anyhow::Result<()> {
    // open() returns Result<Document, Error> — never a null pointer.
    let doc = PdfDocument::open(path)?;

    let page_count = doc.page_count();
    let title = doc.metadata().title().unwrap_or("(no title)");

    println!("Opened: {} ({} pages)", title, page_count);

    // doc is dropped here — memory is freed deterministically.
    // No garbage collector, no memory leak, no use-after-free.
    Ok(())
}

Run cargo add [email protected] to get started.

What it does

Zero C dependencies

PDFluent is a pure-Rust crate with no FFI bindings to libpoppler, Ghostscript, MuPDF, or PDFium. There is no inherited CVE surface from C or C++ PDF libraries. Every dependency in the supply chain is a Rust crate auditable with cargo audit.

Rust ownership model

Buffer overflows, use-after-free bugs, and null pointer dereferences are impossible in safe Rust. The compiler enforces memory safety at compile time — not at runtime, and not via a garbage collector. These are the vulnerability classes responsible for the majority of critical CVEs in C-based PDF processors.

Designed for EU Cyber Resilience Act alignment (effective 2027)

The EU Cyber Resilience Act entered into force in December 2024, with main obligations applying from December 2027. It requires "secure by design" software products sold in the EU. PDFluent's memory-safe Rust foundation satisfies the secure-by-design requirement at the language level.

CISA memory-safe roadmap compatible

CISA and NSA began recommending memory-safe languages in 2022. The White House ONCD "Back to the Building Blocks" report (February 2024) explicitly named Rust as a memory-safe language. CISA's June 2025 joint guide reinforced this guidance. Using PDFluent satisfies these recommendations for your PDF processing component.

No memory leaks

Rust's ownership model ensures deterministic deallocation. Resources are freed when they go out of scope — no garbage collection pauses, no memory pressure on long-running services, no silent leaks accumulating across PDF processing jobs.

Auditable supply chain

PDFluent is distributed as a pure-Rust crate on crates.io. Run cargo audit to check all transitive dependencies against the RustSec Advisory Database. No binary blobs, no vendored C code, no opaque native libraries in the dependency tree.

Deployment options

Rust library (crate)REST microserviceAWS LambdaDocker containerCloudflare Workers (WASM)GitHub Actions / GitLab CI

Frequently asked questions