sumatrapdfreader CVE Vulnerabilities & Metrics

Focus on sumatrapdfreader vulnerabilities and metrics.

Last updated: 25 Nov 2025, 23:25 UTC

About sumatrapdfreader Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with sumatrapdfreader. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total sumatrapdfreader CVEs: 4
Earliest CVE date: 11 May 2009, 20:00 UTC
Latest CVE date: 15 Sep 2025, 16:15 UTC

Latest CVE reference: CVE-2025-57248

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical sumatrapdfreader CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.66

Max CVSS: 9.3

Critical CVEs (≥9): 5

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	1
7.0-8.9	0
9.0-10.0	5

CVSS Distribution Chart

Top 5 Highest CVSS sumatrapdfreader CVEs

These are the five CVEs with the highest CVSS scores for sumatrapdfreader, sorted by severity first and recency.

CVE-2013-2830 sumatrapdfreader Published on 08 Feb 2018, 23:29 UTC (CVSS: 9.3)
Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2012-4896 sumatrapdfreader Published on 05 Oct 2012, 10:51 UTC (CVSS: 9.3)
Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895.
CVE-2012-4895 sumatrapdfreader Published on 05 Oct 2012, 10:51 UTC (CVSS: 9.3)
Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896.
CVE-2009-4117 sumatrapdfreader Published on 01 Dec 2009, 00:30 UTC (CVSS: 9.3)
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7s...
CVE-2009-1605 sumatrapdfreader Published on 11 May 2009, 20:00 UTC (CVSS: 9.3)
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.

All CVEs for sumatrapdfreader

CVE-2025-57248 sumatrapdfreader vulnerability CVSS: 0 15 Sep 2025, 16:15 UTC

A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the application crashes inside libmupdf.dll, specifically in the DataPool::has_data() function.

CVE-2023-33802 sumatrapdfreader vulnerability CVSS: 0 26 Jul 2023, 20:15 UTC

A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.

CVE-2012-5340 sumatrapdfreader vulnerability CVSS: 6.8 23 Jan 2020, 22:15 UTC

SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.

CVE-2013-2830 sumatrapdfreader vulnerability CVSS: 9.3 08 Feb 2018, 23:29 UTC

Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2012-4896 sumatrapdfreader vulnerability CVSS: 9.3 05 Oct 2012, 10:51 UTC

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895.

CVE-2012-4895 sumatrapdfreader vulnerability CVSS: 9.3 05 Oct 2012, 10:51 UTC

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896.

CVE-2009-4117 sumatrapdfreader vulnerability CVSS: 9.3 01 Dec 2009, 00:30 UTC

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.

CVE-2009-1605 sumatrapdfreader vulnerability CVSS: 9.3 11 May 2009, 20:00 UTC

Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information.