CVE-2023-33802: 
SumatraPDF vulnerability analysis and mitigation

A buffer overflow vulnerability was discovered in SumatraPDF Reader version 3.4.6 that allows attackers to cause a Denial of Service (DoS) condition through a crafted text file. The vulnerability was assigned CVE-2023-33802 and was disclosed on July 26, 2023. The issue affects the 32-bit version of SumatraPDF Reader 3.4.6 (NVD, MITRE).

The vulnerability is caused by a buffer overflow condition that occurs when opening large text files. The issue is triggered in the EnsureCap function where memory allocation failures lead to a crash through the CrashAlwaysIf macro, which internally calls the CrashMe function. The CrashMe function attempts to dereference a null pointer, resulting in an access violation. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (GitHub POC).

When successfully exploited, this vulnerability results in a Denial of Service condition, causing the application to crash. The impact is limited to availability, with no direct impact on confidentiality or integrity. The vulnerability requires user interaction as it involves opening specially crafted text files (NVD).