205 matches found
Advisory ROSA-SA-2026-3272
software: harfbuzz 7.0.1 OS: ROSA-CHROME unaffected versions = harfbuzz-7.0.1-3 affected versions harfbuzz-7.0.1-3 CVE-ID: CVE-2026-22693 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing vulnerability in HarfBuzz is related to a lack of validation of the hbmalloc return value...
Insecure Deserialization
pdfminer.six vulnerable to insecure deserialization. The vulnerability is due to the unsafe use of Python pickle for deserializing CMap cache files without proper validation, which allows an attacker to place a malicious pickle file in an accessible location and execute arbitrary code or escalate...
Security update for poppler (moderate)
openSUSE security update: security update for poppler ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20397-1 Rating: moderate References: bsc1252337 Cross-References: CVE-2025-11896 CVSS scores: CVE-2025-11896 SUSE : 3.3...
SUSE-SU-2026:20911-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337...
SUSE CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
GHSA-8X2R-V9X5-3QGH Duplicate Advisory: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f83h-ghpp-7wcc. This link is maintained to preserve external references. Original Description pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The...
Duplicate Advisory: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f83h-ghpp-7wcc. This link is maintained to preserve external references. Original Description pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
UBUNTU-CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
pdfminer.six 安全漏洞
pdfminer.six is an open-source tool developed by pdfminer for extracting information from PDF documents. Versions prior to 20251230 of pdfminer.six contained security vulnerabilities. These vulnerabilities stemmed from the CMap loading mechanism, where the Python pickle mechanism was used to...
EUVD-2025-206704
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation, allowing an attacker who can place a malicious pickle file in a reachable location to trigger arbitrary...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
Advisory ROSA-SA-2026-3118
software: ghostscript 9.56.1 OS: ROSA-CHROME unaffected versions = ghostscript-9.56.1-9 affected versions ghostscript-9.56.1-9 CVE-ID: CVE-2025-59798 BDU-ID: 2025-11520 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pdfwritecmap function of the Ghostscript document processing, conversion, and...
OESA-2026-1226 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in...
OESA-2026-1223 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in...