Integer Overflow Vulnerability in SumatraPDF and MuPDF by Artifex Software
CVE-2012-5340

7.8HIGH

Key Information:

Vendor: SumatraPDFreader
Status: SumatraPDF
Vendor: CVE Published:; 23 January 2020

🔔 Create SumatraPDFreader Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2012-5340?

The vulnerability present in SumatraPDF and MuPDF allows remote attackers to exploit an integer overflow flaw in the lex_number() function. This can be triggered through specially crafted PDF files, leading to potential remote code execution. Users should be aware of the risks associated with processing untrusted PDF documents to mitigate exposure to this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-5340 - Proof of Concept

References

http://www.exploit-db.com/exploits/23246

exploit

https://bugs.ghostscript.com/show_bug.cgi?id=693371

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/c...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 23, 2020
👾
Exploit known to exist
Jan 23, 2020
Vulnerability published
Jan 23, 2020
Vulnerability Reserved
Oct 8, 2012

CVE-2012-5340 Data

JSON