UNKNOWN PyPI
pypdf possibly loops infinitely when reading DCT inline images without EOF marker
GHSA-vr63-x8vc-m265 · CVE-2025-62707
Published · Modified
Description
Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter.
Patches
This has been fixed in pypdf==6.1.3.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3501.
References
- WEB https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-62707
- WEB https://github.com/py-pdf/pypdf/pull/3501
- WEB https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8
- PACKAGE https://github.com/py-pdf/pypdf
- WEB https://github.com/py-pdf/pypdf/releases/tag/6.1.3
Ready to move
Start Securing
Free, no credit card | First findings in minutes