
Cloud Vulnerability DB
CVE-2025-55197 is a vulnerability in pypdf library versions prior to 6.0.0 that allows attackers to cause denial of service through RAM exhaustion. The vulnerability was discovered in August 2025 and involves manipulated FlateDecode streams in PDF files that can lead to uncontrolled resource consumption (GitHub Advisory).
The vulnerability exists in the FlateDecode filter decompression functionality where nested FlateDecode filters can be used to create zip bombs. When processing such maliciously crafted PDF files, the library attempts to decompress the entire stream before parsing, which can lead to memory exhaustion. The issue is rated as Moderate severity and is classified as CWE-400 (Uncontrolled Resource Consumption) (GitHub Advisory).
An attacker can craft a PDF file that, when processed by a vulnerable version of pypdf, leads to RAM exhaustion. This occurs simply by reading a malicious file that applies a series of FlateDecode filters to a cross-reference stream. The proof-of-concept demonstrated that a small PDF file could unpack to over 1 PB of zero bytes (GitHub Issue).
The vulnerability has been fixed in pypdf version 6.0.0 by implementing a size limit for decompressed output. For users who cannot upgrade immediately, a workaround is available by implementing custom decompression limits in the pypdf.filters.decompress function. The recommended limit is set to 75,000,000 bytes, though this can be adjusted based on requirements (GitHub PR).
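The following is an added illustration of the workaround described above; it is not pypdf's own code and not the maintainers' patch. It shows what "a size limit for decompressed output" means in practice: inflating the stream with `zlib.decompressobj` in bounded steps so an oversized stream is rejected after at most `max_size + 1` bytes have been produced, rather than after `zlib.decompress` has already filled RAM. The 75,000,000-byte default is the limit named on the page; the function names, the `max_depth` guard for stacked filters, and the zero-filled sample streams are constructed here for the example.

```python
import zlib

# Byte limit named on the page for the pypdf 6.0.0 fix and the workaround.
DEFAULT_MAX_SIZE = 75_000_000


class DecompressionLimitExceeded(ValueError):
    """Raised when a FlateDecode stream would inflate past the configured cap."""


def bounded_decompress(data: bytes, max_size: int = DEFAULT_MAX_SIZE) -> bytes:
    """Inflate a zlib stream while never holding more than max_size output bytes.

    The unbounded equivalent is zlib.decompress(data). Here the cap is
    enforced during inflation via max_length, so memory use is bounded by
    max_size + 1 regardless of how far the stream would expand.
    A truncated stream is returned as far as it decoded (d.eof is False);
    callers that need strictness can check that flag.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while True:
        # Ask for at most the remaining budget plus one byte; that extra
        # byte is how we detect that the stream is larger than the cap.
        budget = max_size - len(out) + 1
        chunk = d.decompress(pending, budget)
        out += chunk
        if len(out) > max_size:
            raise DecompressionLimitExceeded(
                f"FlateDecode output exceeds {max_size} bytes"
            )
        # Input that zlib could not process because the output budget was
        # reached is kept in unconsumed_tail; feed it back in.
        pending = d.unconsumed_tail
        if not pending and not chunk:
            break  # all input consumed and nothing left to drain
    return bytes(out)


def decode_flate_chain(
    data: bytes, depth: int, max_size: int = DEFAULT_MAX_SIZE, max_depth: int = 4
) -> bytes:
    """Apply `depth` stacked FlateDecode filters, enforcing the cap at every layer.

    Nested filters are how the reported zip bomb multiplies kilobytes into
    petabytes: each layer expands the output of the previous one. Capping
    only the final layer would still let an intermediate layer exhaust
    memory, so every layer is bounded. max_depth is an extra guard chosen
    for this example, not a limit the advisory specifies.
    """
    if depth > max_depth:
        raise DecompressionLimitExceeded(
            f"more than {max_depth} stacked FlateDecode filters"
        )
    for _ in range(depth):
        data = bounded_decompress(data, max_size)
    return data


def make_zero_stream(n_zeros: int, layers: int = 1) -> bytes:
    """Constructed test input: n_zeros zero bytes compressed `layers` times.

    Zeros compress at roughly 1000:1 per layer, which reproduces the
    expansion pattern of the reported PoC at a small, safe scale. This is
    built here for the example and is not the advisory's PoC file.
    """
    data = bytes(n_zeros)
    for _ in range(layers):
        data = zlib.compress(data, 9)
    return data


def is_rejected(stream: bytes, layers: int, max_size: int) -> bool:
    """True if the bounded decoder refuses the stream under the given cap."""
    try:
        decode_flate_chain(stream, layers, max_size)
    except DecompressionLimitExceeded:
        return True
    return False


if __name__ == "__main__":
    # A few kilobytes that would inflate to 4 MB is refused under a 1 MB cap;
    # an ordinary small stream decodes normally under the same cap.
    bomb = make_zero_stream(4_000_000, layers=2)
    print(len(bomb), "compressed bytes ->", "rejected" if is_rejected(bomb, 2, 1_000_000) else "accepted")
    print(decode_flate_chain(make_zero_stream(16), 1, 1_000_000) == bytes(16))
```

The page's workaround installs a function like `bounded_decompress` in place of `pypdf.filters.decompress` so that the FlateDecode filter calls the capped version; the exact attribute to replace and the signature it must match depend on the pypdf release you are running, so check them against your installed copy before relying on this as a stopgap, and prefer upgrading to 6.0.0.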
The vulnerability was responsibly disclosed through GitHub's security advisory system and was quickly addressed by the maintainers. The fix was included as part of the pypdf 6.0.0 release, which was announced with other security improvements (GitHub Release).
Source: This report was generated using AI