Sumatra PDF Reader forum

Small, fast, free PDF, EPUB, MOBI, CHM, DJVU, CBR, CBZ reader for Windows

SumatraPDF DLL Hijacking vulnerability

As described here
https://packetstormsecurity.com/files/140974/SumatraPDF-3.1.2-DLL-Hijacking.html

The submitter contacted the SumatraPDF maintainer. Quoting from the linked page:

2017-01-21 sent vulnerability report regarding the installer to author
           NO ANSWER, not even an acknowledgement of receipt
2017-01-24 sent vulnerability report regarding the "portable" version to author
           NO ANSWER, not even an acknowledgement of receipt
2017-01-28 resent first vulnerability report to author
           NO ANSWER, not even an acknowledgement of receipt
2017-01-31 resent second vulnerability report to author
           NO ANSWER, not even an acknowledgement of receipt
2017-02-07 report published

Two other security vulnerabilities from August 2016 and October 2016
https://github.com/sumatrapdfreader/sumatrapdf/issues/605
https://github.com/sumatrapdfreader/sumatrapdf/issues/629

AFAICT still no comment on them from maintainer, despite several forum threads
http://forums.fofou.org/sumatrapdf/topic?id=3185336
http://forums.fofou.org/sumatrapdf/topic?id=3185315
http://forums.fofou.org/sumatrapdf/topic?id=3185291
eri on February 24, 2017
The maintainer may have taken action to avoid this; you can refer to the commit:
https://github.com/sumatrapdfreader/sumatrapdf/commit/5c19505e84bfc80654e576ca31c6b3aca516e688
user on February 26, 2017
Krzysztof can't do all this on his own
we need zeniko back he's been gone a while :(
https://github.com/zeniko
*$* on March 18, 2017