N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-62707

GHSA ID

GHSA-vr63-x8vc-m265

EPSS Score

CWE

CWE-834

Published

10/22/2025

Updated

10/22/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-62707

CVE-2025-62707: pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact

An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter.

Patches

This has been fixed in pypdf==6.1.3.

Workarounds

If you cannot upgrade yet, consider applying the changes from PR #3501.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-62707

CVE-2025-62707:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-62707

GHSA ID

GHSA-vr63-x8vc-m265

EPSS Score

CWE

CWE-834

Published

10/22/2025

Updated

10/22/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pypdf	pip	< 6.1.3	6.1.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability, as described, is an infinite loop when parsing a malformed DCT inline image in a PDF. The provided patch in pull request #3501 directly addresses this issue. By analyzing the commits within this pull request, specifically commit 2abf4eb616de467f416aa8a88a2a111ba5fe0168, it's clear that the extract_inline_DCT function in pypdf/generic/_image_inline.py is the source of the vulnerability. The patch modifies this function to add proper end-of-stream checking. The while True loop in the original code is susceptible to an infinite loop if stream.read() consistently returns an empty byte string, which can happen with a crafted input. The fix involves creating a new read function that wraps stream.read() and raises an exception if an unexpected end of the stream is detected, thus preventing the infinite loop. Therefore, extract_inline_DCT is the vulnerable function that would appear in a runtime profile during the exploitation of this vulnerability.

Vulnerable functions

extract_inline_DCT

pypdf/generic/_image_inline.py

The vulnerability lies in the `extract_inline_DCT` function, which is responsible for parsing DCT (JPEG) streams from inline images in a PDF. The original implementation contained a `while True:` loop that read from the stream. This loop did not properly handle cases where the stream ended prematurely (i.e., a malformed image without a proper End-of-File marker). An attacker could craft a PDF with such a malformed image, causing the `stream.read()` call within the loop to continuously return no data, resulting in an infinite loop and a Denial of Service (DoS). The patch mitigates this by introducing a `read` wrapper function that explicitly checks if the number of bytes read from the stream matches the number of bytes requested. If not, it raises a `PdfReadError`, effectively breaking the loop and preventing the DoS.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-62707: pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact

Patches

Workarounds

CVE-2025-62707:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-62707: pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact

Patches

Workarounds

N/A

N/A

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI