Description
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read nearly (1 << codeLength) bytes beyond the CDIC dictionary buffer, leading to a crash.
Published: 2026-02-09
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Exposure / Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an out‑of‑bounds heap read in the MOBI HuffDic decompressor. A malformed .mobi file allows the program to read memory beyond the CDIC dictionary buffer, potentially exposing sensitive data and causing a crash. The read occurs because the bounds check in AddCdicData() covers only part of the range actually accessed by DecodeOne().
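The pattern described above, a load-time bounds check that covers only part of the range the decoder later reads, is easy to see in a small model. The C below is an added illustration, not SumatraPDF's code: the dictionary layout (a table of `(1 << codeLength)` two-byte entries at `tableOff` inside a buffer of `len` bytes) and the names `HuffDict`, `ValidateHalf`, `ValidateFull`, `OverreadBytes` and `LookupEntry` are hypothetical stand-ins for the CDIC dictionary, `AddCdicData()` and `DecodeOne()`. It shows why a check on the entry count rather than the byte count lets a lookup run up to `(1 << codeLength)` bytes past the buffer, what the full check looks like, and a lookup that re-checks the exact bytes it touches so the decoder stays in bounds regardless of how the dictionary was validated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical dictionary layout, constructed for this illustration (not
 * SumatraPDF's real CDIC format): a lookup table of (1 << codeLength)
 * entries, 2 bytes each, starting at tableOff inside a buffer of len bytes.
 * A decoder resolves a codeLength-bit code by indexing that table. */
typedef struct {
    const uint8_t *buf;
    size_t len;
    size_t tableOff;
    unsigned codeLength;
} HuffDict;

enum { ENTRY_BYTES = 2, MAX_CODE_LENGTH = 16 };

/* Bytes a lookup can touch: the whole table, not just its entry count. */
static size_t TableBytes(unsigned codeLength) {
    return (size_t)ENTRY_BYTES << codeLength;
}

/* Weak load-time check: validates one byte per entry, i.e. half the bytes a
 * lookup actually reads. A table placed at the end of the buffer passes while
 * the decoder can still read up to (1 << codeLength) bytes past the end. */
static bool ValidateHalf(const HuffDict *d) {
    if (d->codeLength > MAX_CODE_LENGTH) return false;
    size_t checked = (size_t)1 << d->codeLength;      /* entry count, not bytes */
    return d->tableOff <= d->len && checked <= d->len - d->tableOff;
}

/* Correct load-time check: every byte a DecodeOne-style lookup can touch must
 * lie inside the buffer. Written as a subtraction so it cannot wrap around. */
static bool ValidateFull(const HuffDict *d) {
    if (d->codeLength > MAX_CODE_LENGTH) return false;
    if (d->tableOff > d->len) return false;
    return TableBytes(d->codeLength) <= d->len - d->tableOff;
}

/* How many bytes past the buffer the last table entry would reach (0 if none).
 * Under ValidateHalf this is at most (1 << codeLength). */
static size_t OverreadBytes(const HuffDict *d) {
    size_t end = d->tableOff + TableBytes(d->codeLength);
    return end > d->len ? end - d->len : 0;
}

/* Defensive lookup: re-checks the exact bytes it touches, so the decoder stays
 * in bounds even if the load-time validation was too weak. */
static bool LookupEntry(const HuffDict *d, unsigned code, uint16_t *out) {
    if (d->codeLength > MAX_CODE_LENGTH || code >= (1u << d->codeLength)) return false;
    size_t off = d->tableOff + (size_t)code * ENTRY_BYTES;
    if (off > d->len || ENTRY_BYTES > d->len - off) return false;
    *out = (uint16_t)(d->buf[off] | (d->buf[off + 1] << 8));
    return true;
}

/* Constructed sample buffer (zero-filled) so the block runs offline. */
static const uint8_t kSample[64] = { 0 };

static HuffDict MakeDict(size_t len, size_t tableOff, unsigned codeLength) {
    HuffDict d = { kSample, len > sizeof kSample ? sizeof kSample : len, tableOff, codeLength };
    return d;
}

int main(void) {
    /* 3-bit codes: 8 entries x 2 bytes = 16 table bytes, but only 8 bytes remain
     * after tableOff, so the weak check passes and the full check rejects. */
    HuffDict truncated = MakeDict(16, 8, 3);
    printf("half=%d full=%d overread=%zu\n", ValidateHalf(&truncated),
           ValidateFull(&truncated), OverreadBytes(&truncated));
    return 0;
}
```

In the sample, `ValidateHalf` accepts a dictionary whose table extends 8 bytes (exactly `1 << 3`) past the buffer, `ValidateFull` rejects it, and `LookupEntry` refuses the entries that would fall outside `len` either way. The per-lookup check is the layer that turns a mistaken load-time check into a clean decode failure rather than an out-of-bounds read.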

Affected Systems

SumatraPDF reader software for Windows, provided by SumatraPDFReader. Versions 3.5.2 and earlier are affected. The issue resides in the MOBI support component.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% shows a low likelihood of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. The typical attack requires a user to open a crafted .mobi file, so the vector is local or requires social engineering. Successful exploitation results in denial of service via a crash and may expose data from the heap.

Generated by OpenCVE AI on April 17, 2026 at 21:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SumatraPDF to the latest version that includes the fix for the MOBI HuffDic out‑of‑bounds read.
  • Avoid opening or processing untrusted .mobi files until an update is applied or MOBI support is disabled in the settings.
  • Regularly check the vendor’s security advisories and update schedule for any new patches.


Advisories

No advisories yet.

History

Fri, 20 Feb 2026 20:30:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:sumatrapdfreader:sumatrapdf:*:*:*:*:*:*:*:*

Wed, 11 Feb 2026 20:15:00 +0000

Type: Description
Values Removed: SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, tA heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read nearly (1 << codeLength) bytes beyond the CDIC dictionary buffer, leading to a crash.
Values Added: SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read nearly (1 << codeLength) bytes beyond the CDIC dictionary buffer, leading to a crash.

Tue, 10 Feb 2026 16:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 12:45:00 +0000

Type: First Time appeared
Values Added: Sumatrapdfreader; Sumatrapdfreader sumatrapdf
Type: Vendors & Products
Values Added: Sumatrapdfreader; Sumatrapdfreader sumatrapdf

Mon, 09 Feb 2026 21:45:00 +0000

Type: Description
Values Added: SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, tA heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read nearly (1 << codeLength) bytes beyond the CDIC dictionary buffer, leading to a crash.
Type: Title
Values Added: SumatraPDF has a heap out-of-bounds read in MOBI HuffDic decompressor
Type: Weaknesses
Values Added: CWE-125
Type: References
Values Added: (none)
Type: Metrics (cvssV3_1)
Values Added: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M


Updated: 2026-02-11T19:58:04.411Z

Reserved: 2026-02-09T16:22:17.784Z

Link: CVE-2026-25920

Vulnrichment

Updated: 2026-02-10T15:30:06.209Z

NVD

Status: Analyzed

Published: 2026-02-09T22:16:04.320

Modified: 2026-02-20T20:22:56.380

Link: CVE-2026-25920

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:15:27Z

Weaknesses