PT-2025-27952 · Chmlib+2

Published: 2025-07-04 · Updated: 2025-07-09 · CVE-2025-48172

CVSS v3.1: 5.6 (Medium)

Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: CHMLib versions through 2bef8d0
Description: The issue is an integer overflow in the _chm_decompress_block function in chm_lib.c, which leads to a heap-based buffer overflow in the _chm_fetch_bytes function. This problem affects products that use CHMLib, such as SumatraPDF.
Recommendations: For CHMLib versions through 2bef8d0, consider restricting access to the _chm_decompress_block and _chm_fetch_bytes functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-48172
OPENSUSE-SU-2025:15326-1

Affected Products

Chmlib
Debian
Sumatrapdf