CVE-2026-8733 - Vulnerability Details

- Investintech SlimPDFReader SlimPDFReader.exe sub_3B4610 stack-based overflow

Description

A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor responded to the initial vulnerability report by the researcher with a note that the product is discontinued. This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-05-17

Score: 5.3 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

Investintech SlimPDFReader contains a stack-based buffer overflow in the sub_3B4610 function of SlimPDFReader.exe. The flaw allows an attacker to overflow the stack and potentially execute arbitrary code when the program processes a maliciously crafted PDF. This weakness is classified as CWE‑119 and CWE‑121 and could be leveraged to compromise the confidentiality, integrity, or availability of the affected system if an attacker succeeds.

Affected Systems

All installations of Investintech SlimPDFReader up to and including version 2.0.13 are affected. The product has been discontinued and is no longer supported by the vendor, meaning no official patches will be released.

Risk and Exploitability

The CVSS base score is 5.3, indicating a moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, which suggests no widespread exploitation at the time of this analysis. However, the flaw has a public exploit and can be triggered remotely, so the attack vector is likely over the network or via a malicious PDF delivered through any remote channel.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Investintech

SlimPDFReader

affected

Version	Status	Constraints
`2.0.0`	affected	—
`2.0.1`	affected	—
`2.0.2`	affected	—
`2.0.3`	affected	—
`2.0.4`	affected	—
`2.0.5`	affected	—
`2.0.6`	affected	—
`2.0.7`	affected	—
`2.0.8`	affected	—
`2.0.9`	affected	—
`2.0.10`	affected	—
`2.0.11`	affected	—
`2.0.12`	affected	—
`2.0.13`	affected	—

No data.

Vendor Product Confidence Versions

Investintech

Slimpdf Reader

95%

Version	Status	Scheme	Platform
`2.0.0`	affected	semver	—
`2.0.1`	affected	semver	—
`2.0.2`	affected	semver	—
`2.0.3`	affected	semver	—
`2.0.4`	affected	semver	—
`2.0.5`	affected	semver	—
`2.0.6`	affected	semver	—
`2.0.7`	affected	semver	—
`2.0.8`	affected	semver	—
`2.0.9`	affected	semver	—
`2.0.10`	affected	semver	—
`2.0.11`	affected	semver	—
`2.0.12`	affected	semver	—
`2.0.13`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Replace SlimPDFReader with a supported document viewer that does not contain the vulnerability.
Restrict network access to systems running the discontinued software and apply application-layer filtering to block malicious PDFs.
Monitor logs for abnormal process creation or memory usage that could indicate exploitation attempts.

Generated by OpenCVE AI on May 17, 2026 at 05:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://sharing.sit.fraunhofer.de/s/RYcqZbGqgZXxab2
https://vuldb.com/submit/809300
https://vuldb.com/vuln/364321
https://vuldb.com/vuln/364321/cti

History

Sun, 17 May 2026 05:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Investintech slimpdf Reader
Vendors & Products		Investintech slimpdf Reader

Sun, 17 May 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor responded to the initial vulnerability report by the researcher with a note that the product is discontinued. This vulnerability only affects products that are no longer supported by the maintainer.
Title		Investintech SlimPDFReader SlimPDFReader.exe sub_3B4610 stack-based overflow
First Time appeared		Investintech Investintech slimpdfreader
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:a:investintech:slimpdfreader::::::::
Vendors & Products		Investintech Investintech slimpdfreader
References		https://sharing.sit.fraunhofer.de/s/RYcqZbGqgZXxab2 https://vuldb.com/submit/809300 https://vuldb.com/vuln/364321 https://vuldb.com/vuln/364321/cti
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Investintech Slimpdf Reader Slimpdfreader

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-17T04:30:09.631Z

Updated: 2026-05-17T04:30:09.631Z

Reserved: 2026-05-16T10:23:43.619Z

Link: CVE-2026-8733

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-17T05:16:16.920

Modified: 2026-05-17T05:16:16.920

Link: CVE-2026-8733

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T05:30:06Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object