File CVE-2025-64512.patch of Package python-pdfminer.six.19212
From b808ee05dd7f0c8ea8ec34bdf394d40e63501086 Mon Sep 17 00:00:00 2001
From: Scott Tolley <michaeltolley21@hotmail.com>
Date: Fri, 7 Nov 2025 20:47:46 +0100
Subject: [PATCH] Fix: arbitary code execution when loading pickle font files
Fixes https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp
Fixes https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-f83h-ghpp-7wcc
---
pdfminer/cmapdb.py | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Index: pdfminer.six-20200124/pdfminer/cmapdb.py
===================================================================
--- pdfminer.six-20200124.orig/pdfminer/cmapdb.py
+++ pdfminer.six-20200124/pdfminer/cmapdb.py
@@ -224,8 +224,14 @@ class CMapDB:
os.path.join(os.path.dirname(__file__), 'cmap'),)
for directory in cmap_paths:
path = os.path.join(directory, filename)
- if os.path.exists(path):
- gzfile = gzip.open(path)
+ # Resolve paths to prevent directory traversal
+ resolved_path = os.path.realpath(path)
+ resolved_directory = os.path.realpath(directory)
+ # Check if resolved path is within the intended directory
+ if not resolved_path.startswith(resolved_directory + os.sep):
+ continue
+ if os.path.exists(resolved_path):
+ gzfile = gzip.open(resolved_path)
try:
return type(str(name), (), pickle.loads(gzfile.read()))
finally:
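Review bot: The context line `return type(str(name), (), pickle.loads(gzfile.read()))` after the new containment check still unpickles the file, so the check restricts where the file is read from but not what loading it can do. Any file present in one of the `cmap_paths` directories is still trusted as code. `cmap_paths` is built above the hunk, so it cannot be confirmed from here that every entry is writable only by trusted users. If the cmap files hold only plain dicts, tuples, ints and strings (to be verified against the generator), loading them through a `pickle.Unpickler` subclass whose `find_class` always raises would close that path, as sketched below. The enclosing method starts above the hunk and the `finally:` body continues past it.

```python
class _DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global, so only plain data can load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            'global %s.%s is not allowed in a cmap file' % (module, name))

# … unchanged: path resolution and containment check …
            if os.path.exists(resolved_path):
                gzfile = gzip.open(resolved_path)
                try:
                    return type(str(name), (), _DataOnlyUnpickler(gzfile).load())
```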