Sumatrapdfreader Sumatrapdf
13 CVEs affecting Sumatrapdfreader Sumatrapdf. Latest disclosed: 2026-02-09. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-23512 | High | 8.6 | 2026-01-14 | SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger… |
CVE-2026-25880 | High | 7.8 | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same… |
CVE-2012-5340 | High | 7.8 | 2020-01-23 | SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. |
CVE-2013-2830 | High | 7.8 | 2018-02-08 | Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file. |
CVE-2026-25961 | High | 7.5 | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE… |
CVE-2025-57248 | High | 7.3 | 2025-09-15 | A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the applica… |
CVE-2026-25920 | Medium | 5.5 | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor… |
CVE-2026-23951 | Medium | 5.5 | 2026-01-22 | SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, cau… |
CVE-2023-33802 | Medium | 5.5 | 2023-07-26 | A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file. |
CVE-2009-1605 | Medium | 5.4 | 2009-05-11 | Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9… |
CVE-2012-4896 | | 2012-10-05 | Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability tha… | |
CVE-2012-4895 | | 2012-10-05 | Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability tha… | |
CVE-2009-4117 | | 2009-12-01 | Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to caus… |