CNNVD-202602-1253 Information

CNNVD ID

CNNVD-202602-1253

Related CVE

CVE-2026-25961

• CNNVD Published: 2026-02-09

Description (Chinese)

sumatrapdf是sumatrapdfreader开源的一个PDF阅读器。 SumatraPDF 3.5.0版本至3.5.2版本存在安全漏洞，该漏洞源于更新机制禁用TLS主机名验证且不检查安装程序签名，可能导致任意代码执行。

Description (English)

Sumatrapdf is a PDF reader for sumatrapdfreader open source. SumatraPDF versions 3.5.0 to 3.5.2 contain a security loophole, which stems from the fact that the updating mechanism prohibits the authentication of TLS hosts and does not check the signature of the installation program, which may lead to arbitrary code execution.

Vulnerability Type

其他

Affected Vendor

sumatrapdfreader

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/sumatrapdfreader/sumatrapdf/security/advisories/GHSA-xpm2-rr5m-x96q