Sumatrapdfreader Sumatrapdf — known CVE vulnerabilities
Every CVE whose affected-product data names Sumatrapdfreader Sumatrapdf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2012-4896 — CVSS 9.3 (critical): Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a…
CVE-2009-4117 — CVSS 9.3 (critical): Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow…
CVE-2012-4895 — CVSS 9.3 (critical): Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a…
CVE-2026-23512 — CVSS 8.6 (high): SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options…
CVE-2012-5340 — CVSS 7.8 (high): SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
CVE-2013-2830 — CVSS 7.8 (high): Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2026-25880 — CVSS 7.8 (high): SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe)…
CVE-2026-25961 — CVSS 7.5 (high): SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification…
CVE-2025-57248 — CVSS 7.3 (high): A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is…
CVE-2023-33802 — CVSS 5.5 (medium): A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.
CVE-2026-23951 — CVSS 5.5 (medium): SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with…
CVE-2026-25920 — CVSS 5.5 (medium): SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI…
CVE-2009-1605 — CVSS 5.4 (medium): Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as…