CVE-2025-64512

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...

EUVD-2025-50815

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...

CVE-2025-64512

pdfminer.six contains an insecure deserialization vulnerability in the CMap loading path. The library uses pickle.loads() to deserialize CMap cache files; a malicious PDF can cause execution of code by pointing to a crafted .pickle.gz in the cmap directory. Affected releases are before the upstre...

Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

Summary pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in th...

PT-2025-46211

Name of the Vulnerable Software and Affected Versions Pdfminer.six versions prior to 20251107 Description Pdfminer.six is a tool for extracting information from PDF documents. Prior to version 20251107, the software could execute arbitrary code from a malicious pickle file when processing a...