Description
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-04-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution via file overwrite
Action: Immediate Patch
AI Analysis

Impact

An attacker can supply a specially crafted file to the import function of Docudepot PDF Reader: PDF Viewer App v1.0.34, causing the application to overwrite internal files such as executables or configuration data. The overwrite can enable the execution of malicious code or expose sensitive information. The vulnerability originates from a path traversal/incorrect file handling weakness that allows unauthenticated file replacement without validation.

Affected Systems

The vulnerable product is Docudepot PDF Reader: PDF Viewer App version 1.0.34. No other vendors or product versions are listed as affected.

Risk and Exploitability

The severity is high with a CVSS score of 8.4. An EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an attacker delivering a malicious file to the user’s device and tricking or forcing the application to import it, which then triggers the overwrite. The risk is significant because successful exploitation can lead to full code execution or data exposure.

Generated by OpenCVE AI on April 2, 2026 at 03:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Uninstall the Docudepot PDF Reader App until a vendor patch is released or removed from the device
  • If the app must remain, disable or remove the file import functionality and reduce storage permissions so the app cannot write outside its own sandbox
  • Actively monitor the vendor’s GitHub or Bitbucket repository, the Apps Store page, and reputable security advisories for an update or correction, and apply any available patch immediately
  • Consider running the app in a sandboxed or isolated user profile to limit its access to critical system files
  • Verify the integrity of any file before it is imported, for example by checking checksums or using a digital signature mechanism

Generated by OpenCVE AI on April 2, 2026 at 03:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Docudepot
Docudepot pdf Reader App
Vendors & Products Docudepot
Docudepot pdf Reader App

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Weaknesses CWE-73
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Docudepot Pdf Reader App
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T18:02:16.429Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30292

cve-icon Vulnrichment

Updated: 2026-04-01T18:01:29.153Z

cve-icon NVD

Status : Deferred

Published: 2026-04-01T15:22:59.057

Modified: 2026-04-27T19:18:46.690

Link: CVE-2026-30292

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T08:59:03Z

Weaknesses