CHMLib Heap-Based Buffer Overflow Vulnerability in SumatraPDF

Vulnerability

A heap-based buffer overflow vulnerability has been identified in CHMLib, a library used for handling CHM files, which is embedded in SumatraPDF versions 3.4.3 and later. The issue arises from an integer overflow in the '_chm_decompress_block' function, which leads to an undersized memory allocation. This flaw allows a crafted CHM file to trigger a write past the bounds of a heap allocation, overwriting adjacent heap memory and causing corruption.
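The defect class described above, an integer overflow feeding an allocation size, is easiest to see side by side with its checked form. The following C program is an added example written for this page; it is not CHMLib's or SumatraPDF's code, and the header field names, the size bound and the block layout are assumptions constructed for illustration. It shows a 32-bit product wrapping before it is widened to size_t, the checked computation that rejects the same header, and a simulated decompressor whose write loop is bounded by the same values that sized the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on a plausible decompressed size. This is a policy choice for
 * the example, not a value taken from CHMLib or SumatraPDF. */
#define MAX_DECOMP_BYTES ((size_t)256u * 1024u * 1024u)

/* Unsafe size computation: both operands are 32-bit, so the product wraps
 * modulo 2^32 before it is widened to size_t. A header claiming 0x10000
 * blocks of 0x10001 bytes yields an allocation of only 0x10000 bytes, while
 * a decompressor that trusts the header later writes block_count * block_len
 * bytes into it. (Hypothetical field names, constructed for this example.) */
size_t unsafe_alloc_len(uint32_t block_count, uint32_t block_len)
{
    return (size_t)(block_count * block_len);
}

/* Checked version: widen first, detect overflow with a division test that is
 * portable across 32- and 64-bit size_t, then bound the result.
 * Returns 0 to signal rejection; 0 is never a valid allocation here. */
size_t checked_alloc_len(uint32_t block_count, uint32_t block_len)
{
    size_t count = block_count, len = block_len;
    if (count == 0 || len == 0)
        return 0;
    if (count > SIZE_MAX / len)      /* count * len would overflow size_t */
        return 0;
    size_t total = count * len;
    if (total > MAX_DECOMP_BYTES)    /* implausibly large for this format */
        return 0;
    return total;
}

/* Simulated decompression: allocate with the checked size, then fill every
 * block. Returns 1 on success, 0 if the header is rejected or malloc fails.
 * The write loop is bounded by the same values that sized the buffer, which
 * is exactly the invariant an integer overflow in the size path breaks. */
int decompress_blocks(uint32_t block_count, uint32_t block_len)
{
    size_t total = checked_alloc_len(block_count, block_len);
    if (total == 0)
        return 0;
    unsigned char *buf = malloc(total);
    if (buf == NULL)
        return 0;
    for (uint32_t i = 0; i < block_count; i++)
        memset(buf + (size_t)i * block_len, 0xAB, block_len); /* in bounds */
    free(buf);
    return 1;
}

int main(void)
{
    /* Constructed header values whose product exceeds 32 bits. */
    uint32_t count = 0x10000u, len = 0x10001u;
    printf("unsafe length:  %zu\n", unsafe_alloc_len(count, len));
    printf("checked length: %zu (0 = rejected)\n", checked_alloc_len(count, len));
    printf("benign header accepted: %d\n", decompress_blocks(4u, 0x8000u));
    printf("oversized header accepted: %d\n", decompress_blocks(count, len));
    return 0;
}
```

The division test `count > SIZE_MAX / len` is the portable way to detect the overflow without relying on compiler builtins; on a 64-bit build the product does not actually overflow size_t, so the explicit upper bound is what rejects the header, which is why both checks are needed.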

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, causing memory corruption. This could disrupt the application's normal operation and, under certain conditions, allow for information leakage or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by opening a malicious CHM file in SumatraPDF. The crafted file should be designed to exploit the integer overflow in the '_chm_decompress_block' function, causing the memory allocation to be insufficient and triggering the buffer overflow when CHM content is decompressed.

Remediation

Users can update to the latest version of SumatraPDF, where this vulnerability has been fixed.

Added: Jul 4, 2025, 1:47 PM
Updated: Jul 4, 2025, 1:47 PM

Vulnerability Rating

Custom Algorithm

spread:          0.0
impact:          2.5
exploitability:  7.7
remediation:     0.0
relevance:       0.2
threat:          6.4
urgency:         2.9
incentive:       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.