CNNVD-202510-2794 Information

CNNVD ID

CNNVD-202510-2794

Related CVE

CVE-2025-62707

• CNNVD Published: 2025-10-22

Description (Chinese)

pypdf是py-pdf开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 pypdf 6.1.3之前版本存在安全漏洞，该漏洞源于解析使用DCTDecode过滤器的内联图像页面内容流时，可能导致无限循环。

Description (English)

Pypdf is a free, open python PDF library. to split, merge, crop and convert pages of PDF files. There is a security loophole in the previous version of pypdf 6.1.3, which can lead to unlimited circulation when the inline image page stream using the DCTDecode filter is deciphered.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

py-pdf

Published

2025-10-22

Last Modified

2026-02-24

References

https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8 https://github.com/py-pdf/pypdf/pull/3501 https://github.com/py-pdf/pypdf/releases/tag/6.1.3 https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265

Patch

https://github.com/py-pdf/pypdf/releases