Resource Exhaustion Vulnerability in pypdf PDF Library by PyPDF
CVE-2025-62708

6.6 MEDIUM

Key Information:

Vendor

Py-PDF

Status
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62708?

pypdf, an open-source pure-Python PDF library, is susceptible to resource exhaustion due to improper handling of the LZWDecode filter in PDF content streams. An attacker can craft a malicious PDF file that causes significant memory consumption during parsing, potentially resulting in degraded performance or application crashes. The vulnerability is addressed in pypdf version 6.1.3, which contains the patches needed to prevent such attacks.

Affected Version(s)

pypdf < 6.1.3
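A triage helper for the affected range and filter named above, added here as an example (it is not code from pypdf or from this advisory): it checks whether the installed pypdf is older than 6.1.3 and flags PDFs whose raw bytes name the LZW filter, including `#xx`-escaped spellings. The function names and sample byte strings are constructed for illustration.

```python
import re
from importlib import metadata

FIXED = (6, 1, 3)  # first patched pypdf release, per the advisory

# A PDF name is "/" followed by regular characters; "#xx" hex-escapes a byte.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
LZW_NAMES = {b"LZWDecode", b"LZW"}  # "LZW" is the inline-image abbreviation

def parse_version(text):
    """Return the leading numeric release components as a tuple of ints."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_affected(version_text):
    """True when the release is older than 6.1.3 (pre-release tags ignored)."""
    return (parse_version(version_text) + (0, 0, 0))[:3] < FIXED

def installed_pypdf_status():
    """(version, affected) for the installed pypdf, or None if absent."""
    try:
        ver = metadata.version("pypdf")
    except metadata.PackageNotFoundError:
        return None
    return ver, is_affected(ver)

def uses_lzw(pdf_bytes):
    """True when the raw bytes contain an LZW filter name, escaped or not."""
    for m in NAME_RE.finditer(pdf_bytes):
        name = HEX_ESCAPE_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
        if name in LZW_NAMES:
            return True
    return False

# Constructed sample inputs (not real documents).
SAMPLE_LZW = b"4 0 obj\n<< /Length 12 /Filter /LZWDecode >>\nstream\n"
SAMPLE_ESCAPED = b"<< /Filter [/#4CZWDecode] >>"
SAMPLE_FLATE = b"<< /Filter /FlateDecode >>"

if __name__ == "__main__":
    print("installed pypdf:", installed_pypdf_status())
    for label, data in [("lzw", SAMPLE_LZW), ("escaped", SAMPLE_ESCAPED), ("flate", SAMPLE_FLATE)]:
        print(label, uses_lzw(data))
```

A raw byte scan cannot see filter names stored inside compressed object streams, so a negative result only lowers priority; upgrading to pypdf 6.1.3 or later is the fix.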

CVSS V4

Score:
6.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
