PT-2025-33102 · Pypi+1 · Pypdf+1
Published
2025-08-13
·
Updated
2026-03-06
·
CVE-2025-55197
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
pypdf versions prior to 6.0.0
Description:
pypdf is a free and open-source pure-Python PDF library. An attacker can craft a PDF file whose decoding exhausts the RAM of the process that reads it. When a chain of FlateDecode filters is applied to a malicious cross-reference stream, merely opening the file is enough to trigger the exhaustion, because the cross-reference stream has to be decoded to locate the document's objects; other content streams carrying such a filter chain are affected only when they are explicitly accessed.
Recommendations:
Update to pypdf version 6.0.0 or later.
If updating is not possible, backport the fixed decompress function (pypdf.filters.decompress in 6.0.0 or later) into the filters module of the version in use.
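The following added example illustrates both the failure mode in the description and the mitigation in the recommendation. It is not pypdf's code and does not use pypdf's API: a constructed multi-layer FlateDecode (zlib) payload stands in for a malicious stream, inflate_unbounded models the unlimited decoding, and inflate_bounded shows a decoder that caps the output of every layer. The function names, the filter-chain helper and the size limits are assumptions made for the illustration.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when a filter chain would expand past the configured cap."""


def build_nested_flate(inner_size: int, layers: int) -> bytes:
    """Constructed test payload: `inner_size` zero bytes wrapped in `layers`
    zlib (FlateDecode) layers. It stands in for the body of a malicious
    cross-reference stream; it is not a real PDF and not a real exploit."""
    data = b"\x00" * inner_size
    for _ in range(layers):
        data = zlib.compress(data, 9)
    return data


def inflate_unbounded(data: bytes) -> bytes:
    """One FlateDecode step with no output limit: whatever the stream
    expands to is materialised in memory."""
    return zlib.decompress(data)


def inflate_bounded(data: bytes, max_bytes: int) -> bytes:
    """One FlateDecode step that refuses to produce more than `max_bytes`.

    zlib.decompressobj().decompress(buf, max_length) returns at most
    max_length bytes and parks the unread input in .unconsumed_tail, so the
    output is checked against the cap before it can grow any further.
    """
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while buf:
        # Request at most (cap + 1) bytes: an over-sized stream is detected by
        # overshooting the cap by one byte instead of by exhausting RAM.
        out += d.decompress(buf, max_bytes + 1 - len(out))
        if len(out) > max_bytes:
            raise DecompressionLimitExceeded(
                f"decoded stream exceeds {max_bytes} bytes")
        buf = d.unconsumed_tail
    out += d.flush()
    if len(out) > max_bytes:
        raise DecompressionLimitExceeded(
            f"decoded stream exceeds {max_bytes} bytes")
    return bytes(out)


def apply_filter_chain(data: bytes, filters, max_bytes=None) -> bytes:
    """Apply a PDF /Filter array in order (assumed helper, only /FlateDecode
    is modelled). With max_bytes=None every layer is decoded without a limit,
    which is the behaviour this advisory describes; with a cap, every layer
    is bounded, so nesting more filters cannot multiply the damage."""
    for name in filters:
        if name != "/FlateDecode":
            raise NotImplementedError(name)
        if max_bytes is None:
            data = inflate_unbounded(data)
        else:
            data = inflate_bounded(data, max_bytes)
    return data


def chain_is_within_limit(data: bytes, filters, max_bytes: int) -> bool:
    """True if the whole chain decodes under the cap, False if it is rejected."""
    try:
        apply_filter_chain(data, filters, max_bytes)
        return True
    except DecompressionLimitExceeded:
        return False


if __name__ == "__main__":
    payload = build_nested_flate(1 << 20, 3)       # 1 MiB hidden in a few KB
    chain = ["/FlateDecode"] * 3                   # /Filter [/FlateDecode x3]
    print("payload bytes:", len(payload))
    print("unbounded decode bytes:", len(apply_filter_chain(payload, chain)))
    print("accepted under 64 KiB cap:", chain_is_within_limit(payload, chain, 1 << 16))
```

In a real decoder the cap is applied per stream and per filter step, and stacking several FlateDecode entries in one /Filter array is exactly the pattern the cap must survive: each layer is limited independently, so an attacker cannot hide the expansion behind an outer layer that decodes to a small size.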
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Affected Products
Debian
Pypdf