CVE-2026-23951
Severity: MEDIUM
SumatraPDF - Out-of-bounds Read in PalmDbReader Mobi File Handling
Title source: llmDescription
SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the record validation code that only triggers when the file contains exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting in an out-of-bounds heap read that crashes the application. There are no published fixes at the time of publication.
References (2)
- Exploit, Vendor Advisory (x_refsource_confirm): https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-hj4w-c5x8-p2hv
- Product (x_refsource_misc): https://github.com/sumatrapdfreader/sumatrapdf/blob/master/src/PalmDbReader.cpp
Scores
CVSS v3: 5.5
EPSS: 0.0019
EPSS Percentile: 9.2%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-125, CWE-193, CWE-191
Status: published
Products (1): sumatrapdfreader/sumatrapdf
Published: Jan 22, 2026
Tracked Since: Feb 18, 2026