CVE-2025-67432
Awaiting Analysis Awaiting Analysis - Queue
Stack Overflow in MBS DynaPDF Plugin Causes DoS

Publication date: 2026-02-12

Last updated on: 2026-02-13

Assigner: MITRE

Description
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-13
Generated
2026-06-16
AI Q&A
2026-02-12
EPSS Evaluated
2026-06-14
NVD
CVE-2025-67432
EUVD
EUVD-2025-207240
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
monkeybread_software mbs_dynapdf_plugin 21.3.1.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67432 is a stack-based buffer overflow vulnerability found in the ZBarcode_Encode function of the Monkeybread Software MBS DynaPDF Plugin version 21.3.1.1.

The vulnerability occurs because the function uses a user-supplied length parameter directly in a stack allocation without validating if the length exceeds the available stack space.

If the length is too large (for example, over 1MB on Windows systems with a default 1MB stack size), it causes a stack overflow exception that immediately terminates the host process.

This can be triggered remotely by sending a crafted large barcode generation request to server-side applications using this plugin, leading to a Denial of Service (DoS) through process crash.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) by crashing the process that uses the vulnerable plugin.

If your application or server uses the MBS DynaPDF Plugin version 21.3.1.1, an attacker can remotely send a specially crafted barcode generation request that triggers a stack overflow, causing the application to terminate unexpectedly.

This results in service disruption, potentially affecting availability and reliability of your software or services.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for process crashes with the exception code 0xC00000FD (STATUS_STACK_OVERFLOW) in applications using the MBS DynaPDF Plugin version 21.3.1.1.

Specifically, you can look for abnormal termination of processes that load the MBS_DynaPDF_dynapdf_Plugin_21311.dll, especially when handling barcode generation requests.

A proof-of-concept exploit triggers the vulnerability by sending a barcode generation request with a payload larger than 1MB, causing a stack overflow.

  • On Windows, use Event Viewer or tools like ProcDump to capture crash dumps of the affected process and check for exception code 0xC00000FD.
  • Use network monitoring tools to detect unusually large barcode generation requests (payloads over 1MB) sent to server-side applications using this plugin.
  • If you have access to the server, you can run a custom test using the provided proof-of-concept code to confirm if the plugin is vulnerable.
Mitigation Strategies

Immediate mitigation steps include restricting or validating input sizes for barcode generation requests to ensure they do not exceed safe limits (e.g., less than 1MB).

Monitor and block unusually large requests that could trigger the stack overflow in the ZBarcode_Encode function.

If possible, update or patch the MBS DynaPDF Plugin to a version where this vulnerability is fixed.

As a temporary measure, consider isolating or limiting access to the affected service to trusted users or networks to reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart