
CVE-2025-62707: pypdf possibly loops infinitely when reading DCT inline images without EOF marker

CVSS Score
N/A

Basic Information

EPSS Score
-
Published
10/22/2025
Updated
10/22/2025
KEV Status
No
Technology
Python

Technical Details

CVSS Vector
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|--------------|-----------|---------------------|-----------------------|
| pypdf        | pip       | < 6.1.3             | 6.1.3                 |

Vulnerability Intelligence

Root Cause Analysis

The vulnerability, as described, is an infinite loop when parsing a malformed DCT inline image in a PDF. The provided patch in pull request #3501 directly addresses this issue. By analyzing the commits within this pull request, specifically commit 2abf4eb616de467f416aa8a88a2a111ba5fe0168, it's clear that the extract_inline_DCT function in pypdf/generic/_image_inline.py is the source of the vulnerability. The patch modifies this function to add proper end-of-stream checking. The while True loop in the original code is susceptible to an infinite loop if stream.read() consistently returns an empty byte string, which can happen with a crafted input. The fix involves creating a new read function that wraps stream.read() and raises an exception if an unexpected end of the stream is detected, thus preventing the infinite loop. Therefore, extract_inline_DCT is the vulnerable function that would appear in a runtime profile during the exploitation of this vulnerability.

Vulnerable functions

extract_inline_DCT
pypdf/generic/_image_inline.py
The vulnerability lies in the `extract_inline_DCT` function, which is responsible for parsing DCT (JPEG) streams from inline images in a PDF. The original implementation contained a `while True:` loop that read from the stream. This loop did not properly handle cases where the stream ended prematurely (i.e., a malformed image without a proper End-of-File marker). An attacker could craft a PDF with such a malformed image, causing the `stream.read()` call within the loop to continuously return no data, resulting in an infinite loop and a Denial of Service (DoS). The patch mitigates this by introducing a `read` wrapper function that explicitly checks if the number of bytes read from the stream matches the number of bytes requested. If not, it raises a `PdfReadError`, effectively breaking the loop and preventing the DoS.
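A simplified model of the loop described in the root cause analysis and in the function note above, written as an added example rather than pypdf's own code: `extract_inline_dct_unsafe` reproduces the no-progress loop on an empty `stream.read()`, and `extract_inline_dct_fixed` applies the wrapper-raises-on-short-read pattern the patch introduced. The sample byte strings are constructed, `max_iterations` exists only so the unsafe version returns for the demo, and `PdfReadError` is a local stand-in for `pypdf.errors.PdfReadError`.

```python
import io

class PdfReadError(Exception):
    """Stand-in for pypdf.errors.PdfReadError so the example runs without pypdf."""

SOI = b"\xff\xd8"  # JPEG start-of-image marker
EOI = b"\xff\xd9"  # JPEG end-of-image marker; the crafted input omits it

# Constructed samples: a tiny DCT blob followed by "EI", and the same blob cut before EOI.
SAMPLES = {
    "well_formed": b"\xff\xd8\x00\x01\xff\x00\xff\xd9EI",
    "truncated": b"\xff\xd8\x00\x01\xff\x00",
}

def extract_inline_dct_unsafe(stream, max_iterations: int = 10_000):
    """Models the pre-fix loop: stream.read(1) returns b"" once the data is exhausted,
    the empty result is appended without complaint, and the loop never terminates."""
    data = bytearray(stream.read(2))
    for _ in range(max_iterations):  # demo-only cap; the original loop had none
        data += stream.read(1)       # b"" forever on a truncated stream: no progress
        if data[-2:] == EOI:
            return bytes(data)
    return None  # cap reached: the original code would still be spinning here

def extract_inline_dct_fixed(stream) -> bytes:
    """Models the fix: every read goes through a wrapper that raises on a short read."""
    def read(n: int) -> bytes:
        chunk = stream.read(n)
        if len(chunk) != n:
            raise PdfReadError(f"unexpected end of stream: wanted {n}, got {len(chunk)}")
        return chunk

    data = bytearray(read(2))  # SOI
    while True:
        data += read(1)  # raises instead of looping once the stream is exhausted
        if data[-2:] == EOI:  # last two bytes, so an FF FF D9 fill sequence is handled
            return bytes(data)

def demo() -> dict:
    """Run both versions over SAMPLES; returns {name: (unsafe_result, fixed_result)}."""
    results = {}
    for name, raw in SAMPLES.items():
        unsafe = extract_inline_dct_unsafe(io.BytesIO(raw))
        try:
            fixed = extract_inline_dct_fixed(io.BytesIO(raw))
        except PdfReadError as exc:
            fixed = f"PdfReadError: {exc}"
        results[name] = (unsafe, fixed)
    return results
```

On the truncated sample the unsafe version exhausts its demo cap with no new bytes consumed, while the fixed version fails fast with a parse error that a caller can catch.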

WAF Protection Rules

WAF Rule

### Impact

An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter.

### Patches

This has been fixed in [pypdf==
