CVE-2025-57248 A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2

Open: AndersRipa opened this issue 2 months ago • 1 comment

SumatraPDF version

  • Version 3.5.2

Describe the bug

Published: 2025-09-15 Updated: 2025-09-15

From: https://www.cve.org/CVERecord?id=CVE-2025-57248

Description

A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the application crashes inside libmupdf.dll, specifically in the DataPool::has_data() function.

Product Status

Information not provided

References (1 total)

https://github.com/sumatrapdfreader/sumatrapdf/issues/5035

To Reproduce

  1. Scroll down to '....'
  2. See error

Expected behavior

A clear and concise description of what you expected to happen.

File that reproduces the problem

If this is related to a specific PDF etc. file, please attach the file.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

This is flagged by Acronis True Image as a Medium vulnerability and no updated version is available.

AndersRipa, Oct 24 '25 08:10

This should have been addressed with a djvu update; see https://github.com/sumatrapdfreader/sumatrapdf/commit/c625636b95658c839f9695de150b4223e94bebae

GitHubRulesOK, Oct 25 '25 16:10