22 matches found
ROOT-APP-PYPI-CVE-2025-64512 CVE-2025-64512 in rootio-pdfminer.six - Patched by Root
Root has patched CVE-2025-64512 in the rootio-pdfminer.six package for Root:PyPI. Multiple fixed versions available...
UBUNTU-CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
Linux Distros Unpatched Vulnerability : CVE-2025-70559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMa...
[SECURITY] Fedora 42 Update: python-pdfminer-20240706-5.fc42
Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the source code of the PDF. It can also be used to get the exact...
Remote Code Execution (RCE)
pdfminer.six is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization in the CMapDB.loaddata function, where pickle.loads processes attacker-controlled pickle.gz files referenced by a malicious PDF, allowing arbitrary code execution when the file is...
[SECURITY] Fedora 42 Update: python-pdfminer-20240706-4.fc42
Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the source code of the PDF. It can also be used to get the exact...
[SECURITY] Fedora 43 Update: python-pdfminer-20251107-1.fc43
Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the source code of the PDF. It can also be used to get the exact...
SUSE CVE-2025-64512
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
Security update for python-pdfminer.six (important)
openSUSE Security Update: Security update for python-pdfminer.six Announcement ID: openSUSE-SU-2025:0429-1 Rating: important References: 1253228 Cross-References: CVE-2025-64512 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description:...
Security update for python-pdfminer.six (important)
openSUSE Security Update: Security update for python-pdfminer.six Announcement ID: openSUSE-SU-2025:0428-1 Rating: important References: 1253228 Cross-References: CVE-2025-64512 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...
OPENSUSE-SU-2025:15727-1 python311-pdfminer.six-20251107-1.1 on GA media
These are all security issues fixed in the python311-pdfminer.six-20251107-1.1 package on the GA media of openSUSE Tumbleweed...
UBUNTU-CVE-2025-64512
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512
pdfminer.six contains an insecure deserialization vulnerability in the CMap loading path. The library uses pickle.loads() to deserialize CMap cache files; a malicious PDF can cause execution of code by pointing to a crafted .pickle.gz in the cmap directory. Affected releases are before the upstre...
achoz (>=0.3.0 <=0.3.42), aclpubcheck (>=0.1.0 <=0.2.0) +314 more potentially affected by CVE-2025-70559 via pdfminer-six (>=20140915.0.0 <=20251107.0.0)
pdfminer-six PYPI version =20140915.0.0, =0.3.0, =0.1.0, =0.8.1, =0.2.0, =1.1.74b0, =0.1.11, =0.1.0, =1.0.0, =1.0.0, =1.0.29, =0.3.3, =0.3.6, =0.0.8, =0.1.5, =0.2.44 and more Source cves: CVE-2025-70559 Source advisory: OSV:GHSA-F83H-GHPP-7WCC...
EUVD-2025-38331
Insecure Deserialization pickle in pdfminer.six CMap Loader - Local Privesc...
GHSA-F83H-GHPP-7WCC Insecure Deserialization (pickle) in pdfminer.six CMap Loader - Local Privesc
Overview: This report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading. It shows how a low-privileged user can gain root access or escalate to any service account by exploiting insecure deserializatio...
Insecure Deserialization (pickle) in pdfminer.six CMap Loader - Local Privesc
Overview: This report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading. It shows how a low-privileged user can gain root access or escalate to any service account by exploiting insecure deserializatio...
achoz (>=0.3.0 <=0.3.42), aclpubcheck (>=0.1.0 <=0.2.0) +307 more potentially affected by CVE-2025-64512 via pdfminer-six (>=20140915.0.0 <=20250506.0.0)
pdfminer-six PYPI version =20140915.0.0, =0.3.0, =0.1.0, =0.8.1, =0.2.0, =1.1.74b0, =0.1.11, =0.1.0, =1.0.0, =1.0.0, =1.0.29, =0.3.3, =0.3.6, =0.0.8, =0.1.5, =0.2.44 and more Source cves: CVE-2025-64512 Source advisory: OSV:GHSA-WF5F-4JWR-PPCP...
EUVD-2025-38315
Arbitrary Code Execution in pdfminer.six via Crafted PDF Input...