{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:04:19.478","vulnerabilities":[{"cve":{"id":"CVE-2026-25920","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T22:16:04.320","lastModified":"2026-02-20T20:22:56.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read nearly (1 << codeLength) bytes beyond the CDIC dictionary buffer, leading to a crash."},{"lang":"es","value":"SumatraPDF es un lector multiformato para Windows. En 3.5.2 y versiones anteriores, existe una vulnerabilidad de lectura fuera de límites del heap en el descompresor MOBI HuffDic de SumatraPDF. La comprobación de límites en AddCdicData() solo valida la mitad del rango al que DecodeOne() realmente accede. Abrir un archivo .mobi manipulado puede leer casi (1 << codeLength) bytes más allá del búfer del diccionario CDIC, lo que provoca un fallo."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sumatrapdfreader:sumatrapdf:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5.2","matchCriteriaId":"3D48C2C6-E8BC-471E-B59A-236F038EBC0C"}]}]}],"references":[{"url":"https://github.com/sumatrapdfreader/sumatrapdf/blob/916392f94bc34e24f3c3286893ac6d7fa1e1c428/src/MobiDoc.cpp","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/sumatrapdfreader/sumatrapdf/commit/12b6887e9dfff874fe8749bab1bdc53d4ff075b3","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-5mwx-65x7-cffp","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}