CVE-2025-55197
RAM Exhaustion vulnerability in pypdf (PyPI)
What is CVE-2025-55197 About?
This vulnerability allows an attacker to exhaust system RAM by crafting a malicious PDF file. The vulnerability specifically affects cross-reference streams with a series of FlateDecode filters, and other content streams upon explicit access. Simply reading the file can trigger this severe memory exhaustion, making it very easy to exploit.
Affected Software
Technical Details
The vulnerability lies in the way pypdf handles PDF files, particularly when a series of FlateDecode filters is applied to a malicious cross-reference stream. An attacker can craft a PDF where the compressed data within these streams, when processed sequentially by multiple FlateDecode filters, leads to an exponential or excessively large expansion of data in memory. This can be exacerbated if the filters are chained in a way that each decompression step inflates the data size further, quickly consuming all available RAM. For other content streams, the memory exhaustion occurs upon explicit access, meaning when the content is rendered or parsed.
What is the Impact of CVE-2025-55197?
Successful exploitation may allow attackers to cause a severe denial-of-service condition, leading to complete system unresponsiveness or crashes by exhausting all available RAM.
What is the Exploitability of CVE-2025-55197?
Exploitation of this vulnerability is of low to moderate complexity. An attacker needs to craft a malicious PDF file, specifically manipulating cross-reference streams with chained FlateDecode filters. No authentication or privileged access is required; merely reading or parsing the crafted PDF file can trigger the RAM exhaustion. Access is typically remote, as the attacker would deliver the PDF via email, a malicious website, or other means. The critical conditions are that the target system processes PDFs using the vulnerable pypdf library and that specifically malformed cross-reference streams or content streams are encountered. The risk of exploitation is high given that simply opening or previewing the file can trigger the vulnerability.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2025-55197?
Available Upgrade Options
- pypdf
- <6.0.0 → Upgrade to 6.0.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://github.com/py-pdf/pypdf/issues/3429
- https://osv.dev/vulnerability/GHSA-7hfw-26vp-jp8m
- https://github.com/py-pdf/pypdf/blob/0dd57738bbdcdb63f0fb43d8a6b3d222b6946595/pypdf/filters.py#L72-L143
- https://github.com/py-pdf/pypdf/releases/tag/6.0.0
- https://github.com/py-pdf/pypdf/security/advisories/GHSA-7hfw-26vp-jp8m
- https://github.com/py-pdf/pypdf/issues/3429
- https://github.com/py-pdf/pypdf/blob/0dd57738bbdcdb63f0fb43d8a6b3d222b6946595/pypdf/filters.py#L72-L143
- https://github.com/py-pdf/pypdf/pull/3430
- https://github.com/py-pdf/pypdf/security/advisories/GHSA-7hfw-26vp-jp8m
- https://github.com/py-pdf/pypdf/pull/3430
What are Similar Vulnerabilities to CVE-2025-55197?
Similar Vulnerabilities: CVE-2025-62708 , CVE-2025-66019 , CVE-2023-39234 , CVE-2021-39281 , CVE-2020-13768
