Sumatrapdf
SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers without signature verification, allowing network attackers to perform man-in-the-middle attacks and inject malicious code. An attacker with any valid TLS certificate can intercept update requests and redirect users to a malicious installer, achieving arbitrary code execution on Windows systems. Public exploit code exists for this vulnerability and no patch is currently available.
SumatraPDF versions 3.5.2 and earlier are vulnerable to a heap buffer over-read in the MOBI file parser due to incomplete bounds validation in the HuffDic decompressor, allowing attackers to crash the application by opening a malicious .mobi file. Public exploit code exists for this vulnerability. Local user interaction is required to trigger the vulnerability, and while denial of service is the primary impact, the out-of-bounds read could potentially leak sensitive memory contents.
SumatraPDF 3.5.2 and earlier on Windows allows arbitrary code execution when a user opens a PDF and selects "Show in folder," as the application executes a malicious explorer.exe binary from the same directory without warning. Public exploit code exists for this vulnerability, which affects any user who opens untrusted PDFs and interacts with the file menu option. An attacker can achieve code execution with the privileges of the victim's user account through a simple social engineering attack.
SumatraPDF on Windows is vulnerable to a denial-of-service attack through a maliciously crafted Mobi file that triggers an integer underflow in record validation, causing an out-of-bounds heap read and application crash. The vulnerability stems from an off-by-one error in the PalmDbReader::GetRecord function that only occurs with exactly 2 records, and public exploit code is available. No patch has been released at this time.
SumatraPDF 3.5.2 and earlier on Windows contains an untrusted search path vulnerability in the Advanced Options feature that allows arbitrary code execution through a malicious notepad.exe placed in the application directory. An attacker with local access can exploit this when a user triggers the Advanced Options setting, as the application fails to specify an absolute path when launching notepad.exe. Public exploit code exists for this vulnerability, and a patch is available.
A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available, and no vendor patch is available.