FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-11-21 11:10:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fa433f05-c217-11f0-82ac-901b0edee044py-pdfminer.six -- Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

Pieter Marsman reports:

pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB._load_data() function in pdfminer.six uses pickle.loads() to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the cmap/ directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in .pickle.gz. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed.


Discovery 2025-11-07
Entry 2025-11-17
py310-pdfminer.six
py311-pdfminer.six
py312-pdfminer.six
py313-pdfminer.six
py313t-pdfminer.six
py314-pdfminer.six
< 20251107

CVE-2025-64512
https://nvd.nist.gov/vuln/detail/CVE-2025-64512