207 matches found
SUSE-SU-2025:4125-1 Security update for ghostscript
This update for ghostscript fixes the following issues: - CVE-2025-59798: Fixed stack-based buffer overflow in pdfwritecmap in devices/vector/gdevpdtw.c. bsc1250353 - CVE-2025-59799: Fixed stack-based buffer overflow in pdfmarkcoercedest in devices/vector/gdevpdfm.c via a large size value...
CVE-2025-64512
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
UBUNTU-CVE-2025-64512
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
🚀 Overview This report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading. It shows how a low-privileged user can gain root access or escalate to any service account by exploiting insecure deserializatio...
GHSA-F83H-GHPP-7WCC Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
🚀 Overview This report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading. It shows how a low-privileged user can gain root access or escalate to any service account by exploiting insecure deserializatio...
EUVD-2025-38331
Insecure Deserialization pickle in pdfminer.six CMap Loader — Local Privesc...
Deserialization of Untrusted Data
Overview pdfminer.six is a PDF parser and analyzer Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CMap loading process. An attacker can execute arbitrary code with the privileges of the process running the library by placing a malicious .pickle.gz fi...
GHSA-WF5F-4JWR-PPCP Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
Summary pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in th...
PT-2026-5984
Name of the Vulnerable Software and Affected Versions pdfminer.six versions prior to 20251230 Description pdfminer.six contains an insecure deserialization issue in the CMap loading mechanism. The library utilizes Python pickle to deserialize CMap cache files without proper validation. An attacke...
py-pdfminer.six -- Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
Pieter Marsman reports: pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990481)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990481 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is th...
Linux Distros Unpatched Vulnerability : CVE-2025-11896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the UseCMap entry, leads to infinite recursion and a stack overflow. CVE-2025-11896 Note that Nessus...
SUSE CVE-2025-11896
In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...
CVE-2025-11896
A flaw was found in Xpdf. A PDF object loop in a CMap, via the "UseCMap" entry leads to an infinite recursion and a stack overflow, resulting in an application crash...
EUVD-2025-34838
In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...
CVE-2025-11896
In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...
UBUNTU-CVE-2025-11896
In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...