Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SumatraPDF has a heap out-of-bounds read in MOBI HuffDic decompressor
Vulnerability Description
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read nearly (1 << codeLength) bytes beyond the CDIC dictionary buffer, leading to a crash.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
sumatrapdf 缓冲区错误漏洞
Vulnerability Description
sumatrapdf是sumatrapdfreader开源的一个PDF阅读器。 SumatraPDF 3.5.2及之前版本存在缓冲区错误漏洞,该漏洞源于MOBI HuffDic解压缩器存在堆越界读取,可能导致崩溃。
CVSS Information
N/A
Vulnerability Type
N/A