Description
SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting in an out-of-bounds heap read that crashes the app. There are no published fixes at the time of publication.
Published: 2026-01-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Workaround
AI Analysis

Impact

SumatraPDF contains an off‑by‑one error in the completion of the PalmDbReader::GetRecord routine when parsing a Mobi file with exactly two records. The bug causes an integer underflow during a size calculation, leading to an out‑of‑bounds heap read that triggers a crash of the application. The crash is non‑reversible and results in denial of service for the affected user. This weakness falls under CWE‑125 (Out‑of‑Bounds Read), CWE‑191 (Signed Integer Overflow), and CWE‑193 (Type Conversion Error).

Affected Systems

SumatraPDF (sumatrapdfreader:sumatrapdf) on Windows, all released versions affected. The warning applies to any installation of SumatraPDF that respects the current default file handling for Mobi (Palm database) files.

Risk and Exploitability

The CVSS score of 5.5 classifies the vulnerability as medium severity. The EPSS score of less than 1% indicates a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely local or low‑enumeration: the attacker must supply a crafted Mobi file that the victim opens or that is processed by the application automatically. No known published exploitation code exists beyond the laboratory trigger.

Generated by OpenCVE AI on April 18, 2026 at 18:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Avoid opening unknown or untrusted Mobi files, as the crash is triggered by a crafted file.
  • Remove the PalmDbReader plugin or configure the application to blacklist Mobi format files to eliminate the possibility of an attack.
  • Employ endpoint protection that scans for malformed Mobi files before they reach the application, thereby reducing the risk of a crash.

Generated by OpenCVE AI on April 18, 2026 at 18:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-193
CPEs cpe:2.3:a:sumatrapdfreader:sumatrapdf:-:*:*:*:*:*:*:*

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Sumatrapdfreader
Sumatrapdfreader sumatrapdf
Vendors & Products Sumatrapdfreader
Sumatrapdfreader sumatrapdf

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 22 Jan 2026 00:45:00 +0000

Type Values Removed Values Added
Description SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting in an out-of-bounds heap read that crashes the app. There are no published fixes at the time of publication.
Title SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash
Weaknesses CWE-125
CWE-191
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Sumatrapdfreader Sumatrapdf
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-22T21:44:27.284Z

Reserved: 2026-01-19T14:49:06.312Z

Link: CVE-2026-23951

cve-icon Vulnrichment

Updated: 2026-01-22T21:44:22.321Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-22T01:15:52.633

Modified: 2026-02-17T16:48:48.433

Link: CVE-2026-23951

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T19:00:08Z

Weaknesses