Breaking Lzw: Interactive Exploration of a PDF Decompression Dos
Posted21 days ago
aydinnyunus.github.ioSecuritystory
informativeneutral
Debate
20/100
Code VulnerabilitiesPDF ParsingLzw Compression
Key topics
Code Vulnerabilities
PDF Parsing
Lzw Compression
Discussion Activity
Light discussionFirst comment
N/A
Peak period
1
Start
Avg / period
1
Key moments
- 01Story posted
Dec 20, 2025 at 3:28 AM EST
21 days ago
Step 01 - 02First comment
Dec 20, 2025 at 3:28 AM EST
0s after posting
Step 02 - 03Peak activity
1 comments in Start
Hottest window of the conversation
Step 03 - 04Latest activity
Dec 20, 2025 at 3:28 AM EST
21 days ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Discussion (1 comments)
Showing 1 comments
runtimepanicAuthor
21 days ago
PDF files rely on compression algorithms like LZW and ZLIB to reduce size, but these choices can have security implications.
In this post, I analyze CVE-2025-66019, a Denial of Service vulnerability in pypdf’s LZW decompression logic. I walk through how LZW works internally, why its dictionary growth can be abused, and why algorithms like ZLIB don’t suffer from the same class of issue.
The article includes interactive examples so readers can experiment with compression and decompression behavior themselves.
View full discussion on Hacker News
ID: 46334493Type: storyLast synced: 12/20/2025, 8:30:21 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.