Security Advisory

CVE-2026-25920

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-09 21:32:26

Last updated 2026-02-11 19:58:04

Assigner GitHub_M

State PUBLISHED

Description

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDFs MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read nearly (1 << codeLength) bytes beyond the CDIC dictionary buffer, leading to a crash.

← Browse all CVEs View on cve.org ↗