CVE-2025-64512

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/pdfminer/pdfminer.six/commit/b808ee05dd7f0c8ea8ec34bdf394d40e63501086	Patch
https://github.com/pdfminer/pdfminer.six/releases/tag/20251107	Release Notes
https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp	Exploit Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/11/msg00017.html	Mailing List
https://lists.debian.org/debian-lts-announce/2026/01/msg00005.html
https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pdfminer:pdfminer.six:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-11-10 22:15

Updated : 2026-01-08 22:16

NVD link : CVE-2025-64512

Mitre link : CVE-2025-64512

CVE.ORG link : CVE-2025-64512

JSON object : View

Products Affected

debian

debian_linux

pdfminer

pdfminer.six

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2025-64512", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-11-10T22:15:40.067", "references": [{"url": "https://github.com/pdfminer/pdfminer.six/commit/b808ee05dd7f0c8ea8ec34bdf394d40e63501086", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pdfminer/pdfminer.six/releases/tag/20251107", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00017.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue."}, {"lang": "es", "value": "Pdfminer.six es una bifurcaci\u00f3n mantenida por la comunidad del PDFMiner original, una herramienta para extraer informaci\u00f3n de documentos PDF. Antes de la versi\u00f3n 20251107, pdfminer.six ejecutar\u00e1 c\u00f3digo arbitrario de un archivo pickle malicioso si se le proporciona un archivo PDF malicioso. La funci\u00f3n 'CMapDB._load_data()' en pdfminer.six utiliza 'pickle.loads()' para deserializar archivos pickle. Se supone que estos archivos pickle forman parte de la distribuci\u00f3n de pdfminer.six almacenada en el directorio 'cmap/', pero un PDF malicioso puede especificar un directorio y nombre de archivo alternativos siempre que el nombre de archivo termine en '.pickle.gz'. Un archivo pickle malicioso y comprimido puede entonces contener c\u00f3digo que se ejecutar\u00e1 autom\u00e1ticamente cuando se procese el PDF. La versi\u00f3n 20251107 corrige el problema."}], "lastModified": "2026-01-08T22:16:02.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pdfminer:pdfminer.six:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65CBF05A-13FD-4266-836F-004480539B0C", "versionEndExcluding": "2025-11-07"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}