Skip to main content

SlimPDFReader CVE-2026-8733

| EUVDEUVD-2026-30682 LOW
Stack-based Buffer Overflow (CWE-121)
2026-05-17 VulDB GHSA-j7p9-2c5r-5rg7
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
Severity Changed
May 17, 2026 - 05:22 NVD
MEDIUM LOW
CVSS changed
May 17, 2026 - 05:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 17, 2026 - 05:14 vuln.today

DescriptionCVE.org

A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor responded to the initial vulnerability report by the researcher with a note that the product is discontinued. This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Stack-based buffer overflow in Investintech SlimPDFReader ≤2.0.13 enables remote code execution when victims open malicious PDF files. The vulnerability exists in the sub_3B4610 function of SlimPDFReader.exe and requires no authentication but depends on user interaction (opening crafted PDF). Public exploit code is available via Fraunhofer SIT, significantly lowering attacker barrier. The vendor has discontinued the product with no remediation planned, leaving users with no official patch and requiring migration to alternative PDF readers.

Technical ContextAI

This is a classic stack-based buffer overflow (CWE-121) in the PDF parsing logic of SlimPDFReader.exe, specifically within the sub_3B4610 subroutine. Stack-based overflows occur when input data exceeds allocated buffer space on the call stack, allowing attackers to overwrite return addresses and redirect program execution. The vulnerability resides in the PDF file parsing engine, likely triggered during malformed object processing or stream handling. The affected CPE (cpe:2.3:a:investintech:slimpdfreader) confirms impact to all versions through 2.0.13. As a Windows executable-based application, successful exploitation can lead to arbitrary code execution with the privileges of the user running SlimPDFReader, typically standard user permissions on modern Windows systems with UAC enabled.

RemediationAI

Immediately uninstall SlimPDFReader and migrate to actively maintained PDF reader software such as Adobe Acrobat Reader DC, Foxit PDF Reader, or PDF-XChange Editor. The vendor has confirmed product discontinuation with no patch planned (CVSS RL:X temporal metric). No workaround exists for this stack-based overflow beyond complete product removal. Transitional compensating controls include: Restrict PDF file access to trusted sources only via email filtering and web proxies (reduces social engineering attack surface but does not prevent exploitation of legitimate-appearing PDFs from compromised trusted parties). Deploy application whitelisting (Windows Defender Application Control or AppLocker) to prevent SlimPDFReader.exe execution (effective block but may disrupt legitimate workflows if users depend on the application). Enable Windows Exploit Protection features for SlimPDFReader.exe including DEP and ASLR (may reduce exploit reliability but does not eliminate vulnerability, and protection bypasses exist in public research). All compensating controls are temporary only - permanent remediation requires product replacement. Reference the public POC at https://sharing.sit.fraunhofer.de/s/RYcqZbGqgZXxab2 for technical validation, and vendor statement at https://vuldb.com/vuln/364321 for discontinuation confirmation.

Share

CVE-2026-8733 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy