5 matches found
GHSA-8X2R-V9X5-3QGH Duplicate Advisory: Insecure Deserialization (pickle) in pdfminer.six CMap Loader - Local Privesc
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f83h-ghpp-7wcc. This link is maintained to preserve external references. Original Description pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The...
Duplicate Advisory: Insecure Deserialization (pickle) in pdfminer.six CMap Loader - Local Privesc
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f83h-ghpp-7wcc. This link is maintained to preserve external references. Original Description pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The...
EUVD-2025-38331
Insecure Deserialization pickle in pdfminer.six CMap Loader - Local Privesc...
Insecure Deserialization (pickle) in pdfminer.six CMap Loader - Local Privesc
Overview This report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading. It shows how a low-privileged user can gain root access or escalate to any service account by exploiting insecure deserializatio...
GHSA-F83H-GHPP-7WCC Insecure Deserialization (pickle) in pdfminer.six CMap Loader - Local Privesc
Overview This report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading. It shows how a low-privileged user can gain root access or escalate to any service account by exploiting insecure deserializatio...