CVE-2025-62707 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-62707 PUBLISHED CVSS 6.599999904632568 MEDIUM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.

EPSS 0.03% · 9.0th percentile

Risk Scores

CVSS v4.0

6.599999904632568

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

EPSS Score

0.03%

9.0th percentile

Affected Products

Vendor	Product	Versions
py-pdf	pypdf	< 6.1.3
PyPI	pypdf	0
pypdf_project	pypdf	0

Timeline

Jan 21, 1970 Fix PR Merged
Jan 21, 1970 Security Advisory
Oct 22, 2025 CVE Published
Oct 22, 2025 Coalition ESS Score
Oct 23, 2025 EPSS Score
Oct 23, 2025 PoC Published
Oct 28, 2025 EPSS Score
Oct 31, 2025 Coalition ESS Score
Nov 3, 2025 EPSS Score
Nov 8, 2025 EPSS Score
Nov 10, 2025 CVE Updated
Nov 13, 2025 EPSS Score

References

Open in Interactive Console →