Volerion logoVolerion
Volerion logoVolerion

SumatraPDF Null Pointer Dereference Vulnerability in DjVu File Processing

Vulnerability

A null pointer dereference vulnerability exists in SumatraPDF version 3.5.2, specifically within the libmupdf.dll library, when handling crafted DjVu files. The issue arises in the DataPool::has_data() function, where the application crashes due to an attempt to access data from a null pointer. This vulnerability was introduced during the parsing of a malformed DjVu file, leading to an access violation and application crash.

Impact

Exploitation of this vulnerability causes a crash of the SumatraPDF application, due to an access violation from dereferencing a null pointer, which can potentially be exploited to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by opening a specially crafted DjVu file with SumatraPDF version 3.5.2. The file processing will trigger a crash in the application, as the libmupdf.dll library attempts to access data from a null pointer, leading to an access violation error.

Remediation

Users can update to the latest version of SumatraPDF, where this vulnerability has been addressed.

Added: Sep 15, 2025, 7:25 PM
Updated: Sep 15, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm
spread
6.6
impact
2.5
exploitability
5.8
remediation
0.0
relevance
0.5
threat
6.4
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.