Heap-based Buffer Overflow in MuPDF Affects SumatraPDF
CVE-2009-1605

5.4MEDIUM

Key Information:

Vendor

SumatraPDFreader

Status
SumatraPDF
Vendor
CVE Published:
11 May 2009

What is CVE-2009-1605?

A heap-based buffer overflow vulnerability exists in the loadexponentialfunc function within MuPDF's pdf_function.c file. Specifically, this issue affects the mupdf-20090223-win32 package, which is utilized by SumatraPDF versions 0.9.3 and earlier. Attackers can exploit this vulnerability by sending specially crafted PDF files to execute arbitrary code on the victim’s system, potentially leading to compromised security and unauthorized access.

References

http://secunia.com/advisories/34916
third-party-advisory
http://www.vupen.com/english/advisories/2009/1185
vdb-entry
http://www.vupen.com/english/advisories/2009/1186
vdb-entry

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.