CVE-2025-57248

High CVSS: 7.3

A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the application crashes inside libmupdf.dll, specifically in the DataPool::has_data() function.

Vendor

Sumatrapdfreader

Product

Sumatrapdf

CWE

CWE-476

Yayın Tarihi

2025-09-15 16:15:39

Güncelleme

2025-09-20 02:48:48

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-476 Sumatrapdf HIGH Sumatrapdfreader 2025

Referanslar

https://github.com/sumatrapdfreader/sumatrapdf/issues/5035

Benzer Kayıtlar

Medium

CVE-2026-25920

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in…

High

CVE-2026-25961

SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS host…

High

CVE-2026-25880

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious bi…

Medium

CVE-2026-23951

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that on…

High

CVE-2026-23512

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability wh…