Executive Summary

This vulnerability is a null pointer dereference in SumatraPDF version 3.5.2 that occurs when processing a specially crafted .djvu file. Specifically, the issue happens inside the libmupdf.dll library in the DataPool::has_data() function. During parsing of a malformed DjVu file, an incomplete or invalid DataPool object is created, but the program attempts to call the has_data() method on a null pointer, causing an access violation and crashing the application. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause SumatraPDF 3.5.2 to crash unexpectedly when opening a maliciously crafted DjVu file. This denial of service could interrupt user activities and potentially be exploited to disrupt systems relying on SumatraPDF for document viewing. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for crashes of SumatraPDF version 3.5.2 when opening .djvu files, specifically crashes inside libmupdf.dll related to DataPool::has_data(). You can check application crash logs for access violation errors (C0000005) referencing libmupdf.dll. There are no specific network detection commands provided. On the system, you can use debugging or event log tools to identify SumatraPDF crashes triggered by malformed .djvu files. For example, on Windows, use Event Viewer to look for application error logs related to SumatraPDF or use tools like Procmon to monitor file access and crashes when opening .djvu files. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include avoiding opening untrusted or suspicious .djvu files with SumatraPDF version 3.5.2. Consider disabling or restricting the use of SumatraPDF for .djvu files until a patched version is released. Monitor for updates from SumatraPDF and apply patches as soon as they become available. Additionally, implement application whitelisting or sandboxing to limit the impact of potential crashes caused by malicious files. [1]

Useful 0 Not Useful 0