CVE-2026-23951

← CVEs

MED 5.5

Published

2026-01-22

Last Modified

2026-02-17

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting in an out-of-bounds heap read that crashes the app. There are no published fixes at the time of publication.

Affected Applications in Environment 3

SumatraPDF v3.5.2

2 devices

SumatraPDF v3.1.2

4 devices

SumatraPDF v3.4.6

3 devices

Affected Devices 8

ATWOOD-453Z1G3 Windows DPCPD-14GYNV2 Windows DPCPD-3BCC3W2 Windows DPCPD-4DNTDW2 Windows DPCUBC-9MYYYQ2 Windows DPMATH-137960 Windows DPSLFC-224000BM Windows ECERC123-MJ-0G1 Windows

References 2

https://github.com/sumatrapdfreader/sumatrapdf/blob/master/src/PalmDbReader.cpp
https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-hj4w-c5x8-p2hv