CVE-2025-48172

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-48172

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48172.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48172

Published

2025-07-04T13:15:25Z

Modified

2025-07-08T16:57:53.843493Z

Summary

[none]

Details

CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chmlib.c _chmdecompressblock integer overflow. There is a resultant heap-based buffer overflow in _chmfetch_bytes.

References

Affected packages

Git / github.com/sumatrapdfreader/sumatrapdf

Affected ranges

Type: GIT
Repo: https://github.com/sumatrapdfreader/sumatrapdf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

08179946a745cf1605e4b9670942ec1a6e1f4c5d

Affected versions

1.*

1.4split

1.5split

1.6split

1.7split

1.8split

1.9split

2.*

2.0split

2.1split

2.2split

2.3split

2.4split

2.5split

3.*

3.0split

3.1.2rel

3.2