GHSA-m8gf-v64p-gfmg: BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py
Summary
BabelDOC's PDF parser has a critical vulnerability where it deserializes untrusted pickle data from CMap files without proper path validation. An attacker can craft a malicious PDF with a specially encoded filename in the `/Encoding` name field (e.g., `/#2Ftmp#2Fattacker#2Fevil`, which decodes to `/tmp/attacker/evil`) that tricks the path-joining logic into loading an attacker-controlled pickle file instead of a trusted one, leading to arbitrary code execution (running attacker code with the program's permissions).
Vulnerability Details
EPSS: 0.0%
Yes
July 10, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-m8gf-v64p-gfmg
First tracked: July 10, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 85%