CVE-2025-55197: 
Python vulnerability analysis and mitigation

CVE-2025-55197 affects pypdf, a free and open-source pure-python PDF library. The vulnerability was discovered on August 11, 2025, and disclosed on August 13, 2025. Prior to version 6.0.0, an attacker could craft a PDF file which leads to RAM exhaustion through a series of FlateDecode filters on a malicious cross-reference stream (NVD, GitHub Advisory).

The vulnerability stems from ineffective validation of decompressed data size when processing FlateDecode filters. The issue occurs when reading a file containing a series of maliciously crafted FlateDecode filters in the cross-reference stream, which can unpack to over 1PB of zero bytes. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can lead to complete RAM exhaustion on the system processing the malicious PDF file. The impact occurs immediately upon reading the file if a malicious cross-reference stream is present, and other content streams are affected on explicit access. This can result in denial of service conditions (GitHub Advisory).

The vulnerability has been fixed in pypdf version 6.0.0. For users unable to upgrade, a workaround is available by implementing a size limit in the pypdf.filters.decompress function. The fix involves adding a ZLIBMAXOUTPUT_LENGTH constant set to 75,000,000 bytes and implementing decompression with size limits (GitHub PR, GitHub Advisory).