CNNVD-202507-446 Information

CNNVD ID

CNNVD-202507-446

Related CVE

CVE-2025-48172

• CNNVD Published: 2025-07-04

Description (Chinese)

CHMLib是jedwing个人开发者的一个用于处理CHM文件的函数库。 CHMLib 2bef8d0及之前版本存在输入验证错误漏洞，该漏洞源于_chm_decompress_block整数溢出，可能导致堆缓冲区溢出。

Description (English)

CHMLib is a function library used by the Jedwing personal developers to process CHM files. The CHMLib 2bef8d0 and previous versions had input validation error holes, which originated from the spill of chm decompress block integers, which could lead to spills over the buffer zone.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

Live Support

Published

2025-07-04

Last Modified

2026-02-24

References

https://drive.google.com/file/d/1wq51px42eoJz2VQ1Qu9ObPVQVom9T9H_/view?usp=sharing https://drive.google.com/file/d/1XpulFyCGlq7Szzg5RsH-eRwZ6OyuSozl/view?usp=sharing https://github.com/jedwing/CHMLib/blob/2bef8d063ec7d88a8de6fd9f0513ea42ac0fa21f/src/chm_lib.c#L1386 https://github.com/sumatrapdfreader/sumatrapdf/commit/08179946a745cf1605e4b9670942ec1a6e1f4c5d