CVE-2023-33802

Name of the Vulnerable Software and Affected Versions SumatraPDF version 3.4.6

Description The issue is related to a buffer overflow in the SumatraPDF Reader when handling text files, such as first.txt and second.txt, due to the lack of size checking of input data. This can be exploited by a remote attacker to cause a Denial of Service (DoS) via a crafted text file.

Recommendations For SumatraPDF version 3.4.6, consider disabling the CrashAlwaysIf() function as a temporary workaround until a patch is available. Restrict access to handling text files to minimize the risk of exploitation. Avoid using the affected SumatraPDF version to open untrusted text files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.