Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the application can trigger arbitrary code execution or privilege escalation when the file is loaded by a trusted process. This is caused by an incomplete patch to CVE-2025-64512.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
pdfminer.six 安全漏洞
Vulnerability Description
pdfminer.six是pdfminer开源的一款用于从PDF文档中提取信息的工具。 pdfminer.six 20251230之前版本存在安全漏洞,该漏洞源于CMap加载机制中使用Python pickle反序列化CMap缓存文件而未经验证,可能导致任意代码执行或权限提升。
CVSS Information
N/A
Vulnerability Type
N/A