VeryPDF PCL Converter Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in VeryPDF PCL Converter version 2.7. It allows a local attacker to crash the application by entering an excessively long password (3000 bytes) in the PDF Security encryption fields. The long password string causes a buffer overflow, and the application crashes when it goes on to process a PCL file.
Impact
Exploitation of this vulnerability causes the application to crash, disrupting any ongoing processes or tasks.
Reproduction
To reproduce this vulnerability, open VeryPDF PCL Converter version 2.7 on a Windows 10 system. Navigate to 'Settings' and then 'PDF Security'. Enable the 'Encrypt PDF File' option and paste a 3000-byte password into the 'User Password' or 'Master Password' field. After confirming the password, add a PCL file and start the conversion process. The application will crash, demonstrating the denial-of-service condition.
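A bounded way to handle such a password field before it reaches PDF encryption, as an added example that is not VeryPDF's code and not part of the original advisory. It assumes the PDF standard security handler, which pads or truncates the password to 32 bytes; `UI_PW_MAX` and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PDF_PAD_LEN 32   /* padded password length in the PDF standard security handler */
#define UI_PW_MAX   127  /* assumed input policy limit, not a value from the advisory */

/* Padding string defined by the PDF specification for password-based encryption. */
static const unsigned char PDF_PAD[PDF_PAD_LEN] = {
    0x28,0xBF,0x4E,0x5E,0x4E,0x75,0x8A,0x41,0x64,0x00,0x4E,0x56,0xFF,0xFA,0x01,0x08,
    0x2E,0x2E,0x00,0xB6,0xD0,0x68,0x3E,0x80,0x2F,0x0C,0xA9,0xFE,0x64,0x53,0x69,0x7A
};

/* Reject the field content up front instead of trusting a later copy to be safe. */
int validate_password_field(const char *pw, size_t len)
{
    if (pw == NULL) return -1;
    if (len > UI_PW_MAX) return -1;   /* a 3000-byte paste stops here */
    return 0;
}

/* Writes exactly PDF_PAD_LEN bytes to out: up to 32 password bytes, then padding.
 * Returns the number of password bytes used, or -1 if the input was rejected. */
int pdf_pad_password(const char *pw, size_t len, unsigned char out[PDF_PAD_LEN])
{
    if (validate_password_field(pw, len) != 0) return -1;
    size_t n = len < PDF_PAD_LEN ? len : PDF_PAD_LEN;  /* never copy past the buffer */
    memcpy(out, pw, n);
    memcpy(out + n, PDF_PAD, PDF_PAD_LEN - n);
    return (int)n;
}

int main(void)
{
    char big[3000];                    /* constructed input matching the reported size */
    unsigned char out[PDF_PAD_LEN];
    memset(big, 'A', sizeof big);
    printf("3000-byte password: %d\n", pdf_pad_password(big, sizeof big, out));
    printf("6-byte password:    %d\n", pdf_pad_password("secret", 6, out));
    return 0;
}
```

The length is passed explicitly and checked before any copy, so the fixed 32-byte buffer cannot be overrun regardless of what is pasted into the field.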
