CVE-2025-57248: n/a
A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the application crashes inside libmupdf.dll, specifically in the DataPool::has_data() function.
AI Analysis
Technical Summary
CVE-2025-57248 is a null pointer dereference vulnerability identified in SumatraPDF version 3.5.2, specifically triggered when processing a crafted .djvu file. The vulnerability occurs within the libmupdf.dll library, in the DataPool::has_data() function. When a maliciously crafted .djvu file is opened, the application attempts to access memory through a null pointer, causing the program to crash. This results in a denial-of-service (DoS) condition, as the application becomes unresponsive or terminates unexpectedly. The vulnerability does not appear to allow for arbitrary code execution or privilege escalation based on the current information, but the crash could be exploited to disrupt normal operations or potentially be leveraged as part of a more complex attack chain. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. The affected version is SumatraPDF 3.5.2, a lightweight, open-source PDF and document viewer popular for its speed and simplicity. The vulnerability is rooted in the handling of the .djvu file format, which is less commonly used than PDF but still relevant in certain document workflows.
Potential Impact
For European organizations, the primary impact of this vulnerability is the potential for denial-of-service attacks against users or systems relying on SumatraPDF 3.5.2 for viewing .djvu files. This could disrupt document access in environments where .djvu files are used, such as academic institutions, publishing houses, or archival services that handle scanned documents in this format. While the vulnerability does not currently indicate remote code execution, the forced application crash could be exploited to interrupt workflows or cause operational downtime. Organizations with automated document processing pipelines that include SumatraPDF might experience service interruptions. Additionally, if attackers use crafted .djvu files as part of phishing or social engineering campaigns, unsuspecting users opening such files could trigger crashes, leading to loss of productivity or potential data loss if unsaved work is lost. The lack of a patch or mitigation at the time of disclosure increases the risk window. However, the impact is somewhat limited by the niche usage of the .djvu format and the specific version affected.
Mitigation Recommendations
European organizations should immediately audit their use of SumatraPDF, particularly version 3.5.2, and identify systems where .djvu files are opened or processed. Until a patch is available, organizations should consider the following mitigations:
1) Disable or restrict the opening of .djvu files in SumatraPDF or replace SumatraPDF with alternative document viewers that do not exhibit this vulnerability.
2) Implement file type filtering at email gateways and endpoint security solutions to block or quarantine suspicious .djvu files from untrusted sources.
3) Educate users about the risks of opening unsolicited or unknown .djvu files, especially from external or unverified senders.
4) Monitor application crash logs and system events for signs of exploitation attempts or abnormal behavior related to SumatraPDF.
5) If SumatraPDF is embedded in automated workflows, temporarily suspend processing of .djvu files or switch to safer processing tools.
6) Stay alert for official patches or updates from SumatraPDF developers and apply them promptly once available.
7) Consider sandboxing or isolating document viewers to limit the impact of crashes or potential exploitation.
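An added example for the file type filtering in mitigation 2 (not code from SumatraPDF or from this advisory): a gateway-side check that recognises DjVu by its AT&TFORM container header, so the quarantine rule does not depend on the file extension. The triage policy, its verdict strings and the sample attachments are assumptions constructed for illustration.

```python
import struct
from pathlib import PurePath

# DjVu container: "AT&T" magic, then an IFF "FORM" chunk whose 4-byte
# big-endian length is followed by a 4-byte form type.
DJVU_MAGIC = b"AT&TFORM"
DJVU_FORM_TYPES = {b"DJVU", b"DJVM", b"DJVI", b"THUM"}
DJVU_EXTENSIONS = {".djvu", ".djv"}

def sniff_djvu(head: bytes):
    """Return (form_type, declared_length) if the header is DjVu, else None."""
    if len(head) < 16 or not head.startswith(DJVU_MAGIC):
        return None
    form_type = head[12:16]
    if form_type not in DJVU_FORM_TYPES:
        return None
    return form_type.decode("ascii"), struct.unpack(">I", head[8:12])[0]

def triage(filename: str, head: bytes, total_size: int):
    """Hypothetical gateway policy: (verdict, reasons) for one attachment."""
    named_djvu = PurePath(filename).suffix.lower() in DJVU_EXTENSIONS
    sniffed = sniff_djvu(head)
    if sniffed is None:
        if named_djvu:
            return "quarantine", ["djvu extension without a DjVu header"]
        return "pass", []
    form_type, declared = sniffed
    reasons = [f"DjVu content (FORM:{form_type})"]
    if not named_djvu:
        reasons.append("extension does not say DjVu")
    # The FORM length counts the bytes after the 12-byte prefix. A truncated
    # file is a note for the analyst, not a signature for CVE-2025-57248.
    if declared + 12 > total_size:
        reasons.append("FORM length exceeds file size")
    return "quarantine", reasons

def make_header(form_type: bytes, payload_len: int) -> bytes:
    """Build a constructed 16-byte DjVu header for the samples below."""
    return DJVU_MAGIC + struct.pack(">I", payload_len) + form_type

# Constructed samples (not real documents): name, first bytes, size on disk.
SAMPLES = [
    ("scan.djvu", make_header(b"DJVU", 4), 16),
    ("invoice.pdf", make_header(b"DJVM", 4), 16),  # DjVu under another name
    ("report.pdf", b"%PDF-1.7\n" + b"\x00" * 8, 4096),
    ("notes.djvu", make_header(b"DJVU", 5000), 900),  # truncated
]

if __name__ == "__main__":
    for name, head, size in SAMPLES:
        print(name, *triage(name, head, size))
```

Only the first 16 bytes of each attachment are needed, so the check can run before the file is written to a location where a viewer might open it.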
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68c830e1b701c863c6f66b36
Added to database: 9/15/2025, 3:29:37 PM
Last enriched: 9/15/2025, 3:30:02 PM
Last updated: 9/15/2025, 4:37:17 PM