CVE-2026-23951: CWE-125: Out-of-bounds Read in sumatrapdfreader sumatrapdf
CVE-2026-23951 is a medium severity vulnerability in SumatraPDF (versions <= 3.5.2rel) caused by an off-by-one error in PalmDbReader::GetRecord when opening a crafted Mobi file. This triggers an integer underflow during size calculation, leading to an out-of-bounds heap read that crashes the application. Exploitation requires user interaction to open a malicious Mobi file and local access to the vulnerable software. There is no impact on confidentiality or integrity, but availability is affected due to application crashes. No patches are currently available, and no known exploits are in the wild. European organizations using SumatraPDF for document reading, especially those handling Mobi files, should be aware of potential denial-of-service risks. Mitigation involves restricting use of untrusted Mobi files, monitoring for crashes, and applying updates once available. Countries with higher adoption of SumatraPDF and significant e-book usage, such as Germany, France, and the UK, may be more affected.
AI Analysis
Technical Summary
CVE-2026-23951 is a vulnerability identified in SumatraPDF, a popular lightweight multi-format document reader for Windows. The flaw exists in the PalmDbReader::GetRecord function, which processes records in Mobi e-book files. Specifically, an off-by-one error in the validation logic triggers only when exactly two records are present, causing an integer underflow during the size calculation phase. This underflow leads to an out-of-bounds heap read, which results in the application crashing. The vulnerability is classified under CWE-125 (Out-of-bounds Read) and CWE-191 (Integer Underflow). Exploitation requires a user to open a specially crafted Mobi file, meaning user interaction is necessary. The vulnerability does not allow for code execution or data leakage but causes a denial-of-service condition by crashing the SumatraPDF process. The affected versions include all releases up to and including 3.5.2rel. At the time of reporting, no patches or fixes have been published, and no active exploits have been observed in the wild. The CVSS v3.1 base score is 5.5, reflecting medium severity with local attack vector, low attack complexity, no privileges required, user interaction required, and impact limited to availability.
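The failure pattern the summary describes, a record size derived from adjacent record offsets where an unsigned subtraction wraps when the validation is off by one, is a general hazard in PalmDB parsing, and the defensive side of it can be shown in code. The block below is an added example and is not SumatraPDF's PalmDbReader code nor a reconstruction of the actual bug: it is a minimal PalmDB record lookup in C that validates both boundaries before subtracting, using the standard PDB layout (78-byte header, big-endian record count at offset 76, 8-byte record entries with a big-endian data offset). The names `pdb_get_record`, `build_two_record_pdb` and `lookup_size` are this example's own, and the two-record image it parses is a constructed fixture.

```c
/* Added example, not SumatraPDF's code: defensive record lookup for a
 * PalmDB (PDB) container such as a Mobi file. Layout is the standard PDB
 * header: 78 bytes, big-endian uint16 record count at offset 76, then one
 * 8-byte entry per record (uint32 BE data offset, 1 byte attributes,
 * 3-byte unique id). Record i's data runs from offset[i] to offset[i+1]
 * (or to end of file for the last record). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PDB_HEADER_SIZE 78
#define PDB_ENTRY_SIZE  8
#define IMG_SIZE        110   /* 78 header + 2*8 entries + 16 bytes of data */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Record count, or 0 if the header or the full record list does not fit. */
static uint16_t pdb_record_count(const uint8_t *buf, size_t len) {
    if (len < PDB_HEADER_SIZE) return 0;
    uint16_t n = be16(buf + 76);
    if ((size_t)n * PDB_ENTRY_SIZE > len - PDB_HEADER_SIZE) return 0;
    return n;
}

/* Locate record idx: returns 0 with *off/*size set on success, -1 on
 * rejection. Both boundaries are validated before the subtraction, so
 * end - start can never wrap. A naive "size = next_offset - this_offset"
 * whose bounds check skips one of the two offsets would wrap to a huge
 * size_t and drive a later read past the heap buffer. */
int pdb_get_record(const uint8_t *buf, size_t len, uint16_t idx,
                   size_t *off, size_t *size) {
    uint16_t n = pdb_record_count(buf, len);
    if (n == 0 || idx >= n) return -1;
    size_t list_end = PDB_HEADER_SIZE + (size_t)n * PDB_ENTRY_SIZE;
    size_t start = be32(buf + PDB_HEADER_SIZE + (size_t)idx * PDB_ENTRY_SIZE);
    size_t end = (idx + 1u < n)
        ? be32(buf + PDB_HEADER_SIZE + (size_t)(idx + 1u) * PDB_ENTRY_SIZE)
        : len;
    /* data must begin after the record list, offsets must be monotonic,
     * and the record must end inside the buffer */
    if (start < list_end || end < start || end > len) return -1;
    *off = start;
    *size = end - start;
    return 0;
}

/* Constructed fixture: a two-record PDB image with caller-chosen offsets. */
size_t build_two_record_pdb(uint8_t *dst, uint32_t off0, uint32_t off1) {
    memset(dst, 0, IMG_SIZE);
    memcpy(dst, "example.pdb", 11);      /* 32-byte name field, arbitrary */
    dst[76] = 0; dst[77] = 2;            /* numRecords = 2 */
    uint8_t *e = dst + PDB_HEADER_SIZE;
    for (int i = 0; i < 4; i++) {
        e[i]     = (uint8_t)(off0 >> (24 - 8 * i));
        e[8 + i] = (uint8_t)(off1 >> (24 - 8 * i));
    }
    return IMG_SIZE;
}

/* Size of record idx in a constructed image, or -1 if the lookup rejected it. */
long lookup_size(uint32_t off0, uint32_t off1, uint16_t idx) {
    uint8_t img[IMG_SIZE];
    size_t n = build_two_record_pdb(img, off0, off1);
    size_t off = 0, size = 0;
    if (pdb_get_record(img, n, idx, &off, &size) != 0) return -1;
    return (long)size;
}

int main(void) {
    printf("well-formed  rec0=%ld rec1=%ld\n",
           lookup_size(94, 102, 0), lookup_size(94, 102, 1));
    printf("reversed     rec0=%ld (rejected, subtraction would have wrapped)\n",
           lookup_size(102, 94, 0));
    printf("past EOF     rec0=%ld (rejected)\n", lookup_size(94, 200, 0));
    printf("into list    rec0=%ld (rejected)\n", lookup_size(50, 102, 0));
    return 0;
}
```

The reversed-offset case is the one worth studying: with the record list ending at byte 94, a header whose first record starts at 102 and second at 94 makes `end < start` for record 0, and the lookup refuses it instead of computing a wrapped size. Rejecting the file is the correct outcome for a reader; a crash is the symptom this advisory describes.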
Potential Impact
The primary impact of CVE-2026-23951 is denial of service due to application crashes when opening malicious Mobi files. For European organizations, this could disrupt workflows that rely on SumatraPDF for reading e-books or documents in Mobi format, particularly in sectors like publishing, education, and research where such formats might be common. While the vulnerability does not compromise confidentiality or integrity, repeated crashes could lead to productivity loss and potential operational disruptions. In environments where SumatraPDF is integrated into automated document processing pipelines, this vulnerability could be exploited to cause service interruptions. Since exploitation requires user interaction and local access, the risk is somewhat mitigated but still relevant for organizations with less controlled document handling policies. The lack of a patch increases exposure duration, emphasizing the need for interim mitigations. Additionally, if attackers combine this with social engineering to trick users into opening malicious files, the impact could be amplified.
Mitigation Recommendations
1. Restrict the use of SumatraPDF to trusted users and environments where document sources are verified.
2. Educate users to avoid opening Mobi files from untrusted or unknown sources, especially those received via email or downloads.
3. Implement application whitelisting and sandboxing to limit the impact of crashes and prevent potential escalation.
4. Monitor SumatraPDF application logs and system event logs for frequent crashes that may indicate exploitation attempts.
5. Consider temporarily disabling Mobi file support or using alternative PDF readers that do not support Mobi files until a patch is released.
6. Maintain up-to-date backups of important documents and user data to minimize disruption from denial-of-service conditions.
7. Follow vendor announcements closely and apply patches immediately once available.
8. Employ endpoint detection and response (EDR) tools to detect anomalous behavior related to SumatraPDF crashes or suspicious file openings.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-01-19T14:49:06.312Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 697174714623b1157cfcd293
Added to database: 1/22/2026, 12:50:57 AM
Last enriched: 1/22/2026, 1:05:14 AM
Last updated: 1/22/2026, 1:54:55 AM