Heap-Based Buffer Overflow in SumatraPDF by Krzysztof Kowalczyk
CVE-2012-4895

Currently unrated

Key Information:

Vendor: SumatraPDFreader
Status: SumatraPDF
Vendor: CVE Published:; 5 October 2012

🔔 Create SumatraPDFreader Vulnerability Alert

What is CVE-2012-4895?

A heap-based buffer overflow vulnerability exists in SumatraPDF versions prior to 2.1. This flaw allows remote attackers to craft malicious PDF documents that may lead to arbitrary code execution on the affected system when opened. The issue arises from insufficient validation of input data, allowing an attacker to manipulate the heap memory and execute unauthorized commands.

References

http://secunia.com/advisories/50656

third-party-advisoryx_refsource_SECUNIA

http://code.google.com/p/sumatrapdf/source/browse/trunk/d...

x_refsource_CONFIRM

http://technet.microsoft.com/security/msvr/msvr12-014

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2012
Vulnerability Reserved
Sep 12, 2012

CVE-2012-4895 Data

JSON