vulnerability

Debian: CVE-2025-70559: pdfminer -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Feb 5, 2026	Feb 5, 2026	Feb 12, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Feb 5, 2026

Added

Feb 5, 2026

Modified

Feb 12, 2026

Description

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the application can trigger arbitrary code execution or privilege escalation when the file is loaded by a trusted process. This is caused by an incomplete patch to CVE-2025-64512.

Solution

debian-upgrade-pdfminer

References

CVE-2025-70559
https://attackerkb.com/topics/CVE-2025-70559
CWE-502
DEBIAN-DLA-4374-2

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today