Sumatrapdfreader Sumatrapdf

13 CVEs affecting Sumatrapdfreader Sumatrapdf. Latest disclosed: 2026-02-09. Critical: 0, High: 6.

Top CVEs affecting Sumatrapdfreader Sumatrapdf
CVESeverityScorePublishedSummary
CVE-2026-23512High8.62026-01-14SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger…
CVE-2026-25880High7.82026-02-09SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same…
CVE-2012-5340High7.82020-01-23SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
CVE-2013-2830High7.82018-02-08Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2026-25961High7.52026-02-09SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE…
CVE-2025-57248High7.32025-09-15A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the applica…
CVE-2026-25920Medium5.52026-02-09SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor…
CVE-2026-23951Medium5.52026-01-22SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, cau…
CVE-2023-33802Medium5.52023-07-26A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.
CVE-2009-1605Medium5.42009-05-11Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9…
CVE-2012-48962012-10-05Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability tha…
CVE-2012-48952012-10-05Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability tha…
CVE-2009-41172009-12-01Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to caus…