CVE-2012-5340

Name of the Vulnerable Software and Affected Versions SumatraPDF version 2.1.1 MuPDF version 1.0

Description The issue allows remote attackers to cause an integer overflow in the lex number() function via a corrupt PDF file. It is also caused by a signedness error in the pdf repair obj stm() function when processing a stream, which can be exploited to corrupt memory via a specially crafted length number.

Recommendations For SumatraPDF version 2.1.1, consider disabling the lex number() function until a patch is available. For MuPDF version 1.0, restrict access to the pdf repair obj stm() function to minimize the risk of exploitation. As a temporary workaround, avoid using specially crafted PDF files that could trigger the integer overflow in the lex number() function until the issue is resolved.