Skip to main content

Slimpdfreader

2 CVEs product

Monthly

CVE-2026-13522 LOW Monitor

Out-of-bounds read in Investintech SlimPDFReader through version 2.0.14 exposes users to application crashes when processing maliciously crafted PDF files, exploitable remotely with passive user interaction. The vulnerable function `SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0` within `SlimPDFReader.exe` fails to validate buffer boundaries during PDF parsing, resulting in a low-severity availability impact (application crash/DoS) with no confirmed confidentiality or integrity effect despite the 'Information Disclosure' tag in source metadata. No public exploit identified at time of analysis beyond the CVSS 4.0 E:P maturity indicator, and no patch will ever be released as the product is confirmed end-of-life.

Buffer Overflow Information Disclosure Slimpdfreader
NVD VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-8733 LOW POC Monitor

Stack-based buffer overflow in Investintech SlimPDFReader ≤2.0.13 enables remote code execution when victims open malicious PDF files. The vulnerability exists in the sub_3B4610 function of SlimPDFReader.exe and requires no authentication but depends on user interaction (opening crafted PDF). Public exploit code is available via Fraunhofer SIT, significantly lowering attacker barrier. The vendor has discontinued the product with no remediation planned, leaving users with no official patch and requiring migration to alternative PDF readers.

Buffer Overflow Stack Overflow Slimpdfreader
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
EPSS 0% CVSS 2.1
LOW Monitor

Out-of-bounds read in Investintech SlimPDFReader through version 2.0.14 exposes users to application crashes when processing maliciously crafted PDF files, exploitable remotely with passive user interaction. The vulnerable function `SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0` within `SlimPDFReader.exe` fails to validate buffer boundaries during PDF parsing, resulting in a low-severity availability impact (application crash/DoS) with no confirmed confidentiality or integrity effect despite the 'Information Disclosure' tag in source metadata. No public exploit identified at time of analysis beyond the CVSS 4.0 E:P maturity indicator, and no patch will ever be released as the product is confirmed end-of-life.

Buffer Overflow Information Disclosure Slimpdfreader
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Stack-based buffer overflow in Investintech SlimPDFReader ≤2.0.13 enables remote code execution when victims open malicious PDF files. The vulnerability exists in the sub_3B4610 function of SlimPDFReader.exe and requires no authentication but depends on user interaction (opening crafted PDF). Public exploit code is available via Fraunhofer SIT, significantly lowering attacker barrier. The vendor has discontinued the product with no remediation planned, leaving users with no official patch and requiring migration to alternative PDF readers.

Buffer Overflow Stack Overflow Slimpdfreader
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy