Description

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the application can trigger arbitrary code execution or privilege escalation when the file is loaded by a trusted process. This is caused by an incomplete patch to CVE-2025-64512.

INFO

Published Date :

2026-02-03T00:00:00.000Z

Last Modified :

2026-02-11T17:14:25.693Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-70559 vulnerability.

Vendors Products
Pdfminer
  • Pdfminer.six
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-70559.

URL Resource
https://github.com/advisories/GHSA-f83h-ghpp-7wcc cve-icon cve-icon
https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-f83h-ghpp-7wcc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact