Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4117Improper Restriction of Operations within the Bounds of a Memory Buffer in Sumatrapdf

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
25.6%
top 3.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Sumatrapdfreader Sumatrapdf
Timeline
PublishedDec 1
Latest updateMay 2

Description

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5m5r-69xr-2fx8: Multiple stack-based buffer overflows in pdf_shade42022-05-02
CVEList
CVE-2009-4117: Multiple stack-based buffer overflows in pdf_shade42009-12-01

💥Exploits & PoCs

1
Exploit-DB
MuPDF < 20091125231942 - 'pdf_shade4.c' Multiple Stack Buffer Overflows2009-11-28
CVE-2009-4117 — Sumatrapdf vulnerability | cvebase