CVE-2025-66019

N/A Unknown

📋 TL;DR

This vulnerability in pypdf allows attackers to craft malicious PDFs that cause excessive memory consumption (up to 1GB per stream) when parsed using the LZWDecode filter. This can lead to denial of service by exhausting system resources. Anyone using pypdf to process untrusted PDF files is affected.

💻 Affected Systems

Products:
  • pypdf
Versions: All versions prior to 6.4.0
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability triggers when processing PDFs that use the LZWDecode filter in content streams.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service through memory exhaustion, potentially crashing the application or the entire system that processes PDFs.

🟠 Likely Case

Application instability, degraded performance, or crashes when processing malicious PDFs.

🟢 If Mitigated

Minimal impact if only trusted PDFs are processed or memory limits are enforced.

🌐 Internet-Facing: HIGH if accepting PDF uploads from untrusted sources without proper validation.
🏢 Internal Only: MEDIUM if processing PDFs from internal sources, but risk exists if any PDFs could be compromised.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires crafting a malicious PDF file; public technical details available in advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.0

Vendor Advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-m449-cwjh-6pw7

Restart Required: No

Instructions:

1. Update pypdf using pip: pip install --upgrade pypdf==6.4.0
2. Verify installation with: pip show pypdf
3. Test PDF processing functionality after update.

🔧 Temporary Workarounds

Disable LZWDecode processing (platform: all)

Modify code to avoid using the LZWDecode filter when processing PDFs.

# In Python code, avoid using the LZWDecode filter or implement custom validation
# (for example, reject or quarantine PDFs whose stream dictionaries name /LZWDecode).

Implement memory limits (platform: linux)

Use resource limits or process isolation when parsing PDFs.

# Example using the resource module. RLIMIT_AS caps the address space of the
# calling process, so apply it in the (worker) process that actually parses the
# PDF; allocations beyond the cap then fail with MemoryError instead of
# exhausting the host.
import resource
resource.setrlimit(resource.RLIMIT_AS, (1073741824, 1073741824))  # 1GB limit

🧯 If You Can't Patch

  • Implement strict PDF file validation and only accept PDFs from trusted sources
  • Run PDF processing in isolated containers with strict memory limits
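The two workarounds above (custom validation of the LZWDecode filter, and parsing under strict memory limits) are shown together below as an added example; this is not pypdf's own code and not from the advisory. It assumes Linux, where RLIMIT_AS is enforced (macOS does not guarantee that), uses a forked worker so the parse task needs no pickling, and stands in for a real pypdf call with two placeholder tasks (benign_task, hostile_task); the sample PDF byte strings are constructed minimal skeletons, not real documents. In a deployment you would pass the function that opens the PDF with pypdf as the task.

```python
"""Added example (not pypdf code): two defensive gates around untrusted PDFs.

1. find_lzw_filters(): cheap byte-level pre-scan counting /Filter entries that
   select LZW decoding, so such files can be rejected or routed to a sandbox.
2. run_capped(): runs a parse task in a forked child under an RLIMIT_AS cap,
   so a stream that tries to allocate far more than expected gets MemoryError
   in the child instead of exhausting the host.
"""
import multiprocessing as mp
import re
import resource

# PDF names may encode bytes as #xx; normalise so /LZW#44ecode reads as /LZWDecode.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# /Filter (or the inline-image abbreviation /F) followed by a name or an array.
_FILTER_RE = re.compile(rb"/(?:Filter|F)\s*(\[[^\]]*\]|/[^\s/\[\]<>(){}%]+)")
# /LZWDecode, or the inline-image abbreviation /LZW, not followed by more name chars.
_LZW_NAME = re.compile(rb"/LZW(?:Decode)?(?![^\s/\[\]<>(){}%])")


def find_lzw_filters(pdf_bytes: bytes) -> int:
    """Count /Filter entries that select LZW decoding.

    Caveat: this only sees dictionaries stored uncompressed in the file.
    Dictionaries inside object streams, and inline images inside already
    compressed content streams, are invisible to it, so a zero result means
    "nothing obvious", not "safe"; keep the memory cap in place regardless.
    """
    data = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf_bytes)
    return sum(1 for m in _FILTER_RE.finditer(data) if _LZW_NAME.search(m.group(1)))


def _capped_worker(task, args, limit_bytes, conn):
    """Child side: lower the address-space limit, then run the task."""
    try:
        resource.setrlimit(resource.RLIMIT_AS, (limit_bytes, limit_bytes))
        conn.send(("ok", task(*args)))
    except MemoryError:
        conn.send(("memory_limit", None))
    except Exception as exc:  # setrlimit refused, parser raised, ...
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def run_capped(task, args=(), limit_bytes=512 * 1024 * 1024, timeout=30.0):
    """Run task(*args) in a forked child capped at limit_bytes of address space.

    Returns (status, payload): ("ok", result), ("memory_limit", None),
    ("timeout", None), ("killed", exitcode) or ("error", repr(exception)).
    """
    ctx = mp.get_context("fork")  # assumption: fork is available (Linux/macOS)
    parent_conn, child_conn = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_capped_worker, args=(task, args, limit_bytes, child_conn))
    proc.start()
    child_conn.close()
    try:
        if parent_conn.poll(timeout):
            status, payload = parent_conn.recv()
        else:
            status, payload = "timeout", None
    except EOFError:  # child died without reporting (e.g. SIGKILL from the OOM killer)
        status, payload = "killed", None
    finally:
        parent_conn.close()
    proc.join(timeout=5)
    if proc.is_alive():
        proc.kill()
        proc.join()
    if status == "killed":
        payload = proc.exitcode
    return status, payload


def benign_task(n: int) -> int:
    """Stand-in for a well-behaved parse: small, bounded work."""
    return sum(range(n))


def hostile_task() -> int:
    """Stand-in for a malicious LZW stream: tries to grab 1 GiB in one go."""
    return len(bytearray(1 << 30))


def _pdf_with_stream(stream_dict: bytes) -> bytes:
    """Constructed minimal PDF skeleton around one stream object (not a valid file)."""
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            b"4 0 obj\n" + stream_dict +
            b"\nstream\n\x80\x0b\x60\x50\x22\x0c\x0c\x85\x01\nendstream\nendobj\n%%EOF\n")


# Constructed samples: one plain LZW filter, one Flate-only, one filter array, one hex-escaped name.
LZW_PDF = _pdf_with_stream(b"<< /Length 9 /Filter /LZWDecode >>")
CLEAN_PDF = _pdf_with_stream(b"<< /Length 9 /Filter /FlateDecode >>")
ARRAY_PDF = _pdf_with_stream(b"<< /Length 9 /Filter [ /ASCIIHexDecode /LZWDecode ] >>")
ESCAPED_PDF = _pdf_with_stream(b"<< /Length 9 /Filter /LZW#44ecode >>")

if __name__ == "__main__":
    for label, doc in (("lzw", LZW_PDF), ("clean", CLEAN_PDF), ("array", ARRAY_PDF), ("escaped", ESCAPED_PDF)):
        print(label, find_lzw_filters(doc))
    print(run_capped(benign_task, (1000,)))
    print(run_capped(hostile_task))
```

The pre-scan is deliberately cheap and conservative: it decides whether a file even gets near the parser, while the capped worker is the control that actually bounds the damage, because the scan cannot see filter names hidden inside compressed object or content streams. Pick limit_bytes well below what a single hostile stream can consume (the advisory cites up to 1 GB per stream) and above the worker's normal footprint.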

🔍 How to Verify

Check if Vulnerable:

Check the installed pypdf version: pip show pypdf | grep Version

Verify Fix Applied:

Confirm the version is 6.4.0 or higher and test with known malicious PDF samples.

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory consumption spikes during PDF processing
  • Application crashes or restarts when handling PDF files

Network Indicators:

  • Large PDF file uploads followed by system resource exhaustion

SIEM Query:

source="application.log" "pypdf" AND ("memory" OR "crash" OR "OOM")
