Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
AnalysisAI
Arbitrary file overwrite in Docudepot PDF Reader v1.0.34 enables attackers to overwrite critical internal files through the file import process, resulting in arbitrary code execution or information exposure. The vulnerability affects the mobile PDF viewer application across Android platforms. No public exploit code or active exploitation has been confirmed at time of analysis, though the severity of potential impact (RCE) warrants immediate investigation and patching.
Technical ContextAI
The vulnerability stems from insufficient input validation and improper file handling during the PDF import process in Docudepot PDF Reader. The application fails to implement adequate path traversal protections when processing imported files, allowing attackers to specify arbitrary file paths that overwrite system or application-critical files. This type of flaw typically falls under improper resource validation or insufficient access controls. The affected product is a mobile PDF viewing and editing application distributed via the Google Play Store, making it accessible to a broad user base on Android devices.
RemediationAI
Users should immediately update Docudepot PDF Reader to the latest available version via Google Play Store, as no specific patched version number is provided in the available data. If an update is not yet available, users should avoid importing PDF files or other documents from untrusted sources and consider using alternative PDF readers until a patch is released. Developers and maintainers should consult the GitHub issue at https://github.com/Secsys-FDU/AF_CVEs/issues/20 and vendor advisory at https://docudepot.bitbucket.io/ for technical remediation details and apply input validation and path traversal protections to the file import functionality.
Same weakness CWE-73 – External Control of File Name or Path
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17893