CVE-2025-62708
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pypdf_project | pypdf | to 6.1.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-409 | The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in pypdf versions prior to 6.1.3 allows an attacker to craft a specially designed PDF that causes the library to use a large amount of memory when parsing the content stream of a page using the LZWDecode filter. This can lead to excessive memory consumption during PDF processing.
How can this vulnerability impact me? :
The vulnerability can cause large memory usage when processing maliciously crafted PDFs, potentially leading to denial of service or degraded performance of applications using the affected pypdf versions.
What immediate steps should I take to mitigate this vulnerability?
Update pypdf to version 6.1.3 or later, as this version contains the fix for the vulnerability related to large memory usage when parsing PDFs with the LZWDecode filter.