CNNVD-202602-337 Information
Feb 03, 2026
CNNVD ID
CNNVD-202602-337
Related CVE
- CNNVD Published: 2026-02-03
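Description (translated from Chinese)
pdfminer.six is an open-source tool from pdfminer for extracting information from PDF documents. Versions of pdfminer.six before 20251230 contain a security vulnerability: the CMap loading mechanism uses Python pickle to deserialize CMap cache files without validation, which may lead to arbitrary code execution or privilege escalation.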
Description (English)
pdfminer.six is a tool for extracting information from PDF files. Versions of pdfminer.six before 20251230 have a security vulnerability that stems from the CMap loading mechanism deserializing CMap cache files with Python pickle without validation, which may result in arbitrary code execution or privilege escalation.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
pdfminer
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/advisories/GHSA-f83h-ghpp-7wcc
https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-f83h-ghpp-7wcc
Patch
https://github.com/pdfminer/pdfminer.six/releases