CNNVD-202511-894 Information
CNNVD ID
CNNVD-202511-894
Related CVE
- CNNVD Published: 2025-11-10
Description (Chinese)
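pdfminer.six is an open-source tool from pdfminer for extracting information from PDF documents. Versions of pdfminer.six before 20251107 contain a code issue vulnerability, which stems from the CMapDB._load_data function using pickle.loads to deserialize malicious pickle files, and may lead to arbitrary code execution.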
Description (English)
pdfminer.six is a tool for extracting information from PDF files. Versions of pdfminer.six before 20251107 contain a code issue vulnerability: the CMapDB._load_data function uses pickle.loads to deserialize pickle files, so a malicious pickle file may result in arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
pdfminer
Published
2025-11-10
Last Modified
2026-02-24
References
https://github.com/pdfminer/pdfminer.six/commit/b808ee05dd7f0c8ea8ec34bdf394d40e63501086
https://github.com/pdfminer/pdfminer.six/releases/tag/20251107
https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp
Patch
https://pdfminersix.readthedocs.io/en/latest/