Listen to this Post
The vulnerability, identified as CVE-2025-55197 and published in the GitHub Advisory Database, affects the pypdf Python library (versions prior to 6.0.0). The core issue lies in how the library handles malformed FlateDecode streams within a PDF file . An attacker can craft a malicious PDF that, when processed by a vulnerable version of pypdf, leads to uncontrolled resource consumption. Specifically, when the library attempts to decompress a series of manipulated FlateDecode filters, particularly within a cross-reference stream, it triggers a scenario where memory is exhausted. This happens because the decompression logic can be tricked into allocating excessive amounts of RAM, effectively creating a denial-of-service (DoS) condition. Even simply reading the file can trigger the exhaustion, as the vulnerable code path is activated during basic parsing. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-770 (Allocation of Resources Without Limits or Throttling) . The fix was implemented in version 6.0.0, and a workaround involves patching the `decompress` function in the filters module manually .
Platform: pypdf
Version: < 6.0.0
Vulnerability: RAM exhaustion
Severity: Moderate
date: Feb 18, 2026
Prediction: Patched (6.0.0)
What Undercode Say:
Analytics
The vulnerability is triggered by a malicious PDF that exploits the FlateDecode stream decompression. By using a series of these filters, the library enters a state where it continuously allocates memory, leading to a crash or system slowdown.
Bash commands and codes
To check your current version of pypdf:
pip show pypdf | grep Version
To upgrade to the patched version:
pip install --upgrade pypdf==6.0.0
For systems where an immediate upgrade is not feasible, the workaround involves modifying the source code as per the fix in Pull Request 3430 .
How Exploit:
An attacker crafts a PDF document with a malformed cross-reference stream that includes a series of nested or manipulated FlateDecode filters. When a vulnerable application using pypdf parses this file, the `FlateDecode.decode` function enters a loop that consumes available memory until the system runs out of RAM.
Protection from this CVE
Immediate: Upgrade to pypdf version 6.0.0 or later .
Temporary Workaround: If you cannot upgrade, manually apply the code changes from the `pypdf.filters.decompress` function as shown in the official repository fix .
Impact
The primary impact is on system availability. Successful exploitation leads to RAM exhaustion, which can cause the application using pypdf to crash, become unresponsive, or potentially affect other processes running on the same host. This is a denial-of-service scenario with no direct impact on data confidentiality or integrity .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

