CVE-2019-25467

Published: Mar 11, 2026Modified: Apr 15, 2026Deferred

8.6

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

http://dl.verypdf.net/docprint_pro_setup.exe

Source: disclosure@vulncheck.com

http://www.verypdf.com

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/47394

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/verypdf-docprint-pro-local-seh-buffer-overflow

Source: disclosure@vulncheck.com

Timeline

No history available yet.