We inherited some insecure code from pdfminer.six, which this release finally fixes. Thanks to @mtolley for finding the problems in pdfminer.six and contacting me!
What's Changed
- Fix horrible inefficiency (borderline DoS) in decompress_corrupted by @dhdaines in #177
- Fix path traversal and deserialization vulnerabilities in cmap code by @dhdaines in #179
Full Changelog: v0.7.1...v0.7.2
Contributors
dhdaines and mtolley