CVE-2025-55197 – PyPDF FlateDecode Filter Exhaustion Denial of Service

CVE ID : CVE-2025-55197

Published : Aug. 13, 2025, 11:15 p.m. | 1 hour, 18 minutes ago

Description : pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…