Insecure Deserialization
pdfminer.six is vulnerable to insecure deserialization. The vulnerability is due to the unsafe use of Python pickle for deserializing CMap cache files without proper validation, which allows an attacker to place a malicious pickle file in an accessible location and execute arbitrary code or escalate...
GHSA-8X2R-V9X5-3QGH Duplicate Advisory: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f83h-ghpp-7wcc. This link is maintained to preserve external references. Original Description: pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
pdfminer.six security vulnerability
pdfminer.six is an open-source tool developed by pdfminer for extracting information from PDF documents. Versions prior to 20251230 of pdfminer.six contained security vulnerabilities. These vulnerabilities stemmed from the CMap loading mechanism, where the Python pickle mechanism was used to...
EUVD-2025-206704
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
ROOT-APP-PYPI-GHSA-WF5F-4JWR-PPCP GHSA-wf5f-4jwr-ppcp in rootio-pdfminer.six - Patched by Root
Root has patched GHSA-wf5f-4jwr-ppcp in the rootio-pdfminer.six package for Root:PyPI. Multiple fixed versions available...
[SECURITY] Fedora 41 Update: python-pdfminer-20240706-3.fc41
Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the source code of the PDF. It can also be used to get the exact...
python311-pdfminer.six-20251107-1.1 on GA media (moderate)
python311-pdfminer.six-20251107-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15727-1; Rating: moderate; Cross-References: CVE-2025-64512; Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
Linux Distros Unpatched Vulnerability : CVE-2025-64512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107,...
DEBIAN-CVE-2025-64512
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
EUVD-2025-50815
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
pdfminer.six code issue vulnerability
pdfminer.six is an open-source tool from pdfminer for extracting information from PDF documents. A code issue vulnerability exists in pdfminer.six versions prior to 20251107, which stems from the CMapDB.loaddata function using pickle.loads to deserialize a malicious pickle file, which could lead to th...
Deserialization of Untrusted Data
Overview: pdfminer.six is a PDF parser and analyzer. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CMap loading process. An attacker can execute arbitrary code with the privileges of the process running the library by placing a malicious .pickle.gz fi...