CVE-2025-62707 MEDIUM

CVE-2025-62707: pypdf affected by possible infinite loop when reading DCT inline images without EOF marker

Vendor Py-Pdf
Product pypdf
Weakness CWE-834
Published October 22, 2025
Last update October 23, 2025

CVSS base score

6.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01Description

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.

Key dates

02Disclosure timeline

October 22, 2025 CVE published
October 23, 2025 Record updated