VeryPDF Encrypt PDF Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in VeryPDF Encrypt PDF version 2.3. This vulnerability allows local attackers to cause a denial-of-service by inputting excessively long strings into password fields. When a 1000-byte buffer is pasted into the User Password or Master Password field in the Settings dialog, the application crashes upon importing PDF files.
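The missing bound described above, handled defensively, as an added example (not VeryPDF's code, whose internals the advisory does not show). It assumes the passwords are stored in the 32-byte padded form used by the PDF 1.7 standard security handler (revisions 2-4); `set_pdf_password` and the two check functions are hypothetical names, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PDF_PWD_LEN 32 /* password size used by standard security handler R2-R4 */

/* Password padding string defined in the PDF 1.7 specification. */
static const unsigned char PDF_PAD[PDF_PWD_LEN] = {
    0x28,0xBF,0x4E,0x5E,0x4E,0x75,0x8A,0x41,0x64,0x00,0x4E,0x56,0xFF,0xFA,0x01,0x08,
    0x2E,0x2E,0x00,0xB6,0xD0,0x68,0x3E,0x80,0x2F,0x0C,0xA9,0xFE,0x64,0x53,0x69,0x7A
};

/* Unsafe pattern, for contrast (comment only): strcpy((char *)slot, field_text); */

/* Hypothetical setter: store a dialog field in a fixed 32-byte slot.
 * Returns 0 on success; -1 (slot untouched) if the text is NULL or too long.
 * Rejecting instead of truncating keeps the stored password equal to the input. */
int set_pdf_password(unsigned char slot[PDF_PWD_LEN],
                     const char *field_text, size_t field_len)
{
    if (field_text == NULL || field_len > PDF_PWD_LEN)
        return -1;
    memcpy(slot, field_text, field_len);
    memcpy(slot + field_len, PDF_PAD, PDF_PWD_LEN - field_len);
    return 0;
}

/* Constructed input: 1000 bytes, the size the advisory reports as crashing. */
int oversized_is_rejected(void)
{
    char big[1000];
    unsigned char slot[PDF_PWD_LEN] = {0}, zero[PDF_PWD_LEN] = {0};
    memset(big, 'A', sizeof big);
    return set_pdf_password(slot, big, sizeof big) == -1
        && memcmp(slot, zero, sizeof slot) == 0;
}

/* Constructed input: a short password is stored and padded to 32 bytes. */
int short_is_padded(void)
{
    unsigned char slot[PDF_PWD_LEN];
    return set_pdf_password(slot, "secret", 6) == 0
        && memcmp(slot, "secret", 6) == 0
        && memcmp(slot + 6, PDF_PAD, PDF_PWD_LEN - 6) == 0;
}

int main(void)
{
    printf("oversized rejected: %d, short padded: %d\n",
           oversized_is_rejected(), short_is_padded());
    return 0;
}
```

The same bound can also be enforced at the dialog itself by limiting the edit control's maximum text length, so oversized clipboard content never reaches the copy.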

Impact

Exploitation of this vulnerability leads to a crash of the Encrypt PDF application, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first run a Python script that generates a 1000-byte buffer and saves it to a text file. Copy the buffer text from the file into the clipboard. Then, open Encrypt PDF version 2.3, navigate to the 'Settings' menu, and paste the clipboard content into either the 'User Password' or 'Master Password' field. After clicking 'OK', import a PDF file, which will trigger the application crash.

Added: Mar 21, 2026, 1:27 PM
Updated: Mar 21, 2026, 1:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.