CVE-2026-13522

Summary

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
InvestintechSlimPDFReader2.0.0affected
InvestintechSlimPDFReader2.0.1affected
InvestintechSlimPDFReader2.0.2affected
InvestintechSlimPDFReader2.0.3affected
InvestintechSlimPDFReader2.0.4affected
InvestintechSlimPDFReader2.0.5affected
InvestintechSlimPDFReader2.0.6affected
InvestintechSlimPDFReader2.0.7affected
InvestintechSlimPDFReader2.0.8affected
InvestintechSlimPDFReader2.0.9affected
InvestintechSlimPDFReader2.0.10affected
InvestintechSlimPDFReader2.0.11affected
InvestintechSlimPDFReader2.0.12affected
InvestintechSlimPDFReader2.0.13affected
InvestintechSlimPDFReader2.0.14affected

Weaknesses

  • CWE-125: Out-of-Bounds Read
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References