Browse all 5 CVE security advisories affecting sumatrapdfreader. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SumatraPDF Reader serves as a lightweight PDF viewer for Windows, prioritizing speed and minimal resource usage. Historically, it has been susceptible to multiple remote code execution vulnerabilities, often through crafted PDF files leveraging buffer overflows or parsing flaws. Other common issues include cross-site scripting and privilege escalation flaws. The application's small codebase and infrequent updates have contributed to security gaps, with five CVEs recorded to date. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities in document parsing highlights risks for users handling untrusted PDF content, particularly in environments where security is a primary concern.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25961 | SumatraPDF Update MITM -> Arbitrary Code Execution — sumatrapdfCWE-295 | 7.5 | High | 2026-02-09 |
| CVE-2026-25920 | SumatraPDF has a heap out-of-bounds read in MOBI HuffDic decompressor — sumatrapdfCWE-125 | 5.5 | Medium | 2026-02-09 |
| CVE-2026-25880 | Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows) — sumatrapdfCWE-426 | 7.8 | High | 2026-02-09 |
| CVE-2026-23951 | SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash — sumatrapdfCWE-125 | 5.5 | Medium | 2026-01-22 |
| CVE-2026-23512 | SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp — sumatrapdfCWE-426 | 8.6 | High | 2026-01-14 |
This page lists every published CVE security advisory associated with sumatrapdfreader. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.