Memory Exhaustion Vulnerability in PyPDF Library from PyPDF Vendor
CVE-2025-55197

6.6MEDIUM

Key Information:

Vendor

Py-PDF

Status
PyPDF
Vendor
CVE Published:
13 August 2025

What is CVE-2025-55197?

The PyPDF library, a popular open-source PDF processing tool, is susceptible to a memory exhaustion issue. Attackers can craft malicious PDFs that exploit FlateDecode filters, leading to excessive RAM consumption when these PDFs are processed. Although this vulnerability affects the library versions below 6.0.0, a fix has been implemented in the latest release. Users unable to update can mitigate this risk by integrating the corrective code from pypdf.filters.decompress into their existing filters.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

pypdf < 6.0.0

References

https://github.com/py-pdf/pypdf/security/advisories/GHSA-...
x_refsource_CONFIRM
https://github.com/py-pdf/pypdf/issues/3429
x_refsource_MISC
https://github.com/py-pdf/pypdf/pull/3430
x_refsource_MISC

CVSS V4

Score:
6.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.