CVE-2025-66019
Memory Usage vulnerability in pypdf (PyPI)

Category: Memory Usage | Known public exploits: none

What is CVE-2025-66019 About?

This vulnerability allows an attacker to craft a PDF that causes excessive memory usage when the document is parsed, specifically up to 1 GB per stream. It is a follow-up to a previous advisory for the same code path and is triggered when pypdf decodes content streams compressed with the LZWDecode filter. Nothing beyond getting a vulnerable version to process the crafted file is required.

Affected Software

pypdf <6.4.0

Technical Details

This advisory is a refinement of earlier memory-consumption issues in pypdf's handling of the LZWDecode filter. An attacker embeds one or more content streams that declare the LZWDecode filter and fills them with LZW code sequences chosen for their expansion ratio rather than for any meaningful content. LZW is a dictionary coder: each 9- to 12-bit code stands for a byte sequence learned earlier in the stream, so a compact input can legitimately expand to many hundreds of times its own size, and a decoder that materialises the whole decoded stream in memory without an upper bound allocates whatever the codes describe. In the affected versions that is up to 1 GB per stream, and because a single document may carry several such streams, parsing it can exhaust the RAM of the process.
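The expansion described above is easy to make concrete. The following is an added example, not pypdf's code and not the fix shipped in 6.4.0: a minimal PDF-style LZWDecode decoder that refuses to grow its output past a caller-supplied byte budget, together with a reference encoder used only to construct the input. The function names (`lzw_encode`, `lzw_decode`, `amplification_demo`), the exception `DecodedSizeExceeded` and the 256 KiB single-byte buffer are this example's own choices; the encoder/decoder pair follows the PDF filter's parameters (9 to 12 bit codes, CLEAR 256, EOD 257, EarlyChange 1).

```python
# Added example, not pypdf's code or its 6.4.0 fix: a PDF-style LZWDecode decoder
# that refuses to expand a stream past a caller-supplied byte budget, plus a
# reference encoder used only to construct input. Code widths follow the PDF
# LZWDecode filter: 9..12 bits, CLEAR = 256, EOD = 257, EarlyChange = 1 by default.

CLEAR, EOD = 256, 257
MIN_WIDTH, MAX_WIDTH = 9, 12
TABLE_LIMIT = 1 << MAX_WIDTH          # 4096 entries; the encoder emits CLEAR when full


class DecodedSizeExceeded(Exception):
    """Raised when the decompressed stream would exceed the configured cap."""


def _code_width(next_code: int, early_change: int) -> int:
    """Bit width of the next code, given the next free table index."""
    return max(MIN_WIDTH, min(MAX_WIDTH, (next_code + early_change).bit_length()))


def _fresh_table() -> list:
    # 0..255 are single-byte literals; 256 and 257 are CLEAR/EOD placeholders.
    return [bytes([i]) for i in range(256)] + [b"", b""]


def lzw_encode(data: bytes, early_change: int = 1) -> bytes:
    """Reference encoder, present only to build test input for the decoder."""
    out, acc, nbits = bytearray(), 0, 0

    def emit(code: int, width: int) -> None:
        nonlocal acc, nbits
        acc, nbits = (acc << width) | code, nbits + width
        while nbits >= 8:                       # flush complete bytes, MSB first
            nbits -= 8
            out.append((acc >> nbits) & 0xFF)
        acc &= (1 << nbits) - 1

    table = {bytes([i]): i for i in range(256)}
    next_code = 258
    emit(CLEAR, _code_width(next_code - 1, early_change))
    w = b""
    for b in data:
        wc = w + bytes([b])
        if wc in table:
            w = wc
            continue
        # The encoder's table runs one entry ahead of the decoder's, hence next_code - 1.
        emit(table[w], _code_width(next_code - 1, early_change))
        table[wc] = next_code
        next_code += 1
        if next_code == TABLE_LIMIT:            # table full: reset both sides
            emit(CLEAR, _code_width(next_code - 1, early_change))
            table = {bytes([i]): i for i in range(256)}
            next_code = 258
        w = bytes([b])
    if w:
        emit(table[w], _code_width(next_code - 1, early_change))
        next_code += 1                          # the decoder adds an entry after this code
    emit(EOD, _code_width(next_code - 1, early_change))
    if nbits:
        emit(0, 8 - nbits)                      # zero-pad the final byte
    return bytes(out)


def lzw_decode(data: bytes, max_output: int, early_change: int = 1) -> bytes:
    """Decode an LZWDecode stream, raising before the output would exceed max_output."""
    out, table, prev = bytearray(), _fresh_table(), None
    bitpos, total_bits = 0, len(data) * 8
    while True:
        width = _code_width(len(table), early_change)
        if bitpos + width > total_bits:
            break                               # input ended without an EOD marker
        start, end = bitpos // 8, (bitpos + width + 7) // 8
        chunk = int.from_bytes(data[start:end], "big")
        code = (chunk >> (end * 8 - bitpos - width)) & ((1 << width) - 1)
        bitpos += width
        if code == CLEAR:
            table, prev = _fresh_table(), None
            continue
        if code == EOD:
            break
        if code < len(table):
            entry = table[code]
        elif code == len(table) and prev is not None:
            entry = prev + prev[:1]             # the KwKwK case: code not yet in the table
        else:
            raise ValueError(f"invalid LZW code {code}")
        # Bound the decoded size before the bytes are materialised.
        if len(out) + len(entry) > max_output:
            raise DecodedSizeExceeded(
                f"decoded size would exceed {max_output} bytes after {bitpos // 8} input bytes")
        out += entry
        if prev is not None and len(table) < TABLE_LIMIT:
            table.append(prev + entry[:1])
        prev = entry
    return bytes(out)


def amplification_demo(size: int = 1 << 18, cap: int = 1 << 16) -> dict:
    """Compress a constructed single-byte run; report expansion ratio and cap behaviour."""
    plain = b"A" * size                         # constructed input, maximally repetitive
    packed = lzw_encode(plain)
    roundtrip_ok = lzw_decode(packed, max_output=size) == plain
    try:
        lzw_decode(packed, max_output=cap)
        rejected = False
    except DecodedSizeExceeded:
        rejected = True
    return {"compressed": len(packed), "decoded": size, "ratio": size // len(packed),
            "roundtrip_ok": roundtrip_ok, "rejected_by_cap": rejected}


if __name__ == "__main__":
    print(amplification_demo())
```

Running the module compresses 256 KiB of a repeated byte into well under 1 KiB of LZW codes, decodes it back, and then shows the capped decoder rejecting the same stream when the budget is 64 KiB. A budget of this kind, sized to what the application actually needs from a stream, is the defence-in-depth a consumer of untrusted PDFs can put around any decoder; it complements, and does not replace, upgrading pypdf to 6.4.0.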

What is the Impact of CVE-2025-66019?

Successful exploitation results in a denial of service: the process parsing the PDF exhausts available memory and crashes, is killed by the operating system, or destabilises the host it runs on. Services that parse many documents concurrently are affected the most, since several malicious streams or files can be in flight at once.

What is the Exploitability of CVE-2025-66019?

Exploitation is of low to moderate complexity. The attacker has to construct a PDF whose content streams, when decoded with the LZWDecode filter, expand to very large outputs; this takes familiarity with the PDF object model and the LZW coding but no authentication or elevated privileges, because the issue is triggered by merely processing the malicious file. The attack is remote when the PDF arrives by email or web download, and local when the file is supplied directly. The only preconditions are that the target runs a vulnerable pypdf version and decodes the document's LZWDecode streams, as text extraction and content-stream parsing do. Applications that automatically process untrusted PDFs, such as upload pipelines or mail scanners, are the most exposed.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known public exploits.

What are the Available Fixes for CVE-2025-66019?

Available Upgrade Options

  • pypdf
    • <6.4.0 → Upgrade to 6.4.0 or later

Additional Resources

What are Similar Vulnerabilities to CVE-2025-66019?

Similar Vulnerabilities: CVE-2025-62708, CVE-2025-55197, CVE-2022-38448, CVE-2021-39281, CVE-2020-13768