CVE-2025-67432
Stack Overflow in MBS DynaPDF Plugin Causes DoS
Publication date: 2026-02-12
Last updated on: 2026-02-13
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| monkeybread_software | mbs_dynapdf_plugin | 21.3.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67432 is a stack-based buffer overflow vulnerability found in the ZBarcode_Encode function of the Monkeybread Software MBS DynaPDF Plugin version 21.3.1.1.
The vulnerability occurs because the function uses a user-supplied length parameter directly in a stack allocation without validating if the length exceeds the available stack space.
If the length is too large (for example, over 1MB on Windows systems with a default 1MB stack size), it causes a stack overflow exception that immediately terminates the host process.
This can be triggered remotely by sending a crafted large barcode generation request to server-side applications using this plugin, leading to a Denial of Service (DoS) through process crash.
How can this vulnerability impact me?
This vulnerability can cause a Denial of Service (DoS) by crashing the process that uses the vulnerable plugin.
If your application or server uses the MBS DynaPDF Plugin version 21.3.1.1, an attacker can remotely send a specially crafted barcode generation request that triggers a stack overflow, causing the application to terminate unexpectedly.
This results in service disruption, potentially affecting availability and reliability of your software or services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for process crashes with the exception code 0xC00000FD (STATUS_STACK_OVERFLOW) in applications using the MBS DynaPDF Plugin version 21.3.1.1.
Specifically, you can look for abnormal termination of processes that load the MBS_DynaPDF_dynapdf_Plugin_21311.dll, especially when handling barcode generation requests.
A proof-of-concept exploit triggers the vulnerability by sending a barcode generation request with a payload larger than 1MB, causing a stack overflow.
- On Windows, use Event Viewer or tools like ProcDump to capture crash dumps of the affected process and check for exception code 0xC00000FD.
- Use network monitoring tools to detect unusually large barcode generation requests (payloads over 1MB) sent to server-side applications using this plugin.
- If you have access to the server, you can run a custom test using the provided proof-of-concept code to confirm if the plugin is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or validating input sizes for barcode generation requests to ensure they do not exceed safe limits (e.g., less than 1MB).
Monitor and block unusually large requests that could trigger the stack overflow in the ZBarcode_Encode function.
If possible, update or patch the MBS DynaPDF Plugin to a version where this vulnerability is fixed.
As a temporary measure, consider isolating or limiting access to the affected service to trusted users or networks to reduce exposure.
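The input-size validation recommended above, sketched in C as an added example (not the plugin's code or the vendor's fix): `encode_unchecked` shows the general CWE-121 pattern of sizing a stack buffer from a caller-supplied length, and `encode_checked` rejects oversized input before any allocation and works on the heap. The function names, the 4096-byte limit and the checksum stand-in are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limit for one barcode payload; tune to the application. */
#define MAX_BARCODE_INPUT 4096u

enum encode_status { ENCODE_OK = 0, ENCODE_BAD_ARG = -1,
                     ENCODE_TOO_LARGE = -2, ENCODE_NO_MEMORY = -3 };

/* Unsafe pattern (CWE-121), shown for contrast and never called here:
 * the caller-controlled length sizes a stack buffer directly, so a length
 * above the thread's stack size faults before the copy even starts. */
int encode_unchecked(const unsigned char *data, size_t len)
{
    unsigned char work[len + 1];          /* stack allocation sized by input */
    memcpy(work, data, len);
    work[len] = 0;
    return (int)work[0];
}

/* Hardened form: check the length against a fixed limit first, then use the
 * heap so a large-but-permitted input cannot exhaust the stack. */
int encode_checked(const unsigned char *data, size_t len, unsigned *checksum)
{
    if (data == NULL || checksum == NULL || len == 0)
        return ENCODE_BAD_ARG;
    if (len > MAX_BARCODE_INPUT)
        return ENCODE_TOO_LARGE;          /* rejected before any allocation */
    unsigned char *work = malloc(len + 1);
    if (work == NULL)
        return ENCODE_NO_MEMORY;
    memcpy(work, data, len);
    work[len] = 0;
    unsigned sum = 0;                     /* stand-in for the real encoding step */
    for (size_t i = 0; i < len; i++)
        sum = (sum * 31u + work[i]) & 0xFFFFu;
    free(work);
    *checksum = sum;
    return ENCODE_OK;
}

int main(void)
{
    unsigned sum = 0;
    /* Constructed request: claims a 2 MB payload, above the assumed limit. */
    int rc = encode_checked((const unsigned char *)"x", 2u * 1024u * 1024u, &sum);
    printf("oversized request -> status %d\n", rc);
    return rc == ENCODE_TOO_LARGE ? 0 : 1;
}
```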