CVE-2025-48172
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-07-08
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow in the CHMLib library used by SumatraPDF and other products. Specifically, in the _chm_decompress_block function, a crafted .chm file can contain a block_len value that passes initial checks but causes an integer overflow when adding 6144. This overflow leads to an undersized buffer allocation, which then results in a heap-based buffer overflow in the _chm_fetch_bytes function. Essentially, malformed input can cause memory corruption and crashes. [1]
How can this vulnerability impact me? :
This vulnerability can cause crashes or memory corruption in applications using the affected CHMLib version, such as SumatraPDF. An attacker could exploit this by providing a specially crafted .chm file to trigger the buffer overflow, potentially leading to denial of service or other unpredictable behavior. However, exploitation requires local access since the attack vector involves opening a malicious .chm file. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of vulnerable versions of CHMLib or SumatraPDF that use the affected libchm library. Since the issue arises from processing crafted .chm files causing crashes or memory corruption, monitoring for crashes or abnormal behavior when opening .chm files with SumatraPDF or other products using CHMLib can indicate exploitation attempts. There are no specific commands provided in the resources, but you can check the version of SumatraPDF or CHMLib installed and monitor logs for crashes related to .chm file processing. Additionally, scanning for .chm files received or accessed on the system and verifying if they are from untrusted sources may help detect potential exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating SumatraPDF or any other affected products to versions that include the patch fixing this vulnerability. The patch modifies input validation checks in the CHMLib to prevent integer overflow by ensuring values do not exceed INT_MAX instead of UINT_MAX. If an update is not immediately available, avoid opening untrusted or suspicious .chm files to reduce risk. Monitoring and restricting access to .chm files can also help mitigate potential exploitation. [1]