Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-70559

Опубликовано: 03 фев. 2026
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the application can trigger arbitrary code execution or privilege escalation when the file is loaded by a trusted process. This is caused by an incomplete patch to CVE-2025-64512.

Ссылки

EPSS

Процентиль: 22%
0.00072
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-502

Связанные уязвимости

ubuntu логотип

CVE-2025-70559

CVSS3: 6.5
ubuntu
2 месяца назад

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the application can trigger arbitrary code execution or privilege escalation when the file is loaded by a trusted process. This is caused by an incomplete patch to CVE-2025-64512.

debian логотип

CVE-2025-70559

CVSS3: 6.5
debian
2 месяца назад

pdfminer.six before 20251230 contains an insecure deserialization vuln ...

github логотип

GHSA-f83h-ghpp-7wcc

CVSS3: 7.8
github
5 месяцев назад

Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc

EPSS

Процентиль: 22%
0.00072
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-502