Monkeybread Software MBS DynaPDF Plugin Stack Overflow Vulnerability Leading to Denial-of-Service
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Monkeybread Software MBS DynaPDF Plugin version 21.3.1.1. The issue arises in the ZBarcode_Encode function, where user-supplied input is improperly validated before being used to allocate memory on the stack. This flaw allows attackers to send crafted input that exceeds the available stack space, causing a stack overflow exception that terminates the host process. The vulnerability can be exploited remotely, particularly in server-side applications that use this plugin as middleware.
Impact
Exploitation of this vulnerability causes a process termination, leading to a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by loading the affected DLL and calling the ZBarcode_Encode function with a payload that exceeds 1MB. This can be done using a C++ program that allocates 2MB of data, fills it with junk, and then sends it to the function, causing a stack overflow exception that can be caught to confirm the exploit.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.