CVE-2019-25467
Received Received - Intake
Structured Exception Handling Buffer Overflow in Verypdf docPrint Pro

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25467
EUVD
EUVD-2019-19738
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
verypdf docprint_pro 8.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25467 is a local structured exception handling (SEH) buffer overflow vulnerability in Verypdf docPrint Pro version 8.0 and earlier. It occurs when the software improperly handles oversized alphanumeric encoded payloads supplied in the User Password or Master Password fields during PDF encryption.

An attacker with local access can craft a malicious payload containing encoded shellcode and manipulate the SEH chain to bypass security protections. When the password fields are processed, this can lead to arbitrary code execution, as demonstrated by a proof-of-concept that triggers a MessageBox.

Impact Analysis

This vulnerability allows a local attacker to execute arbitrary code on the affected system without requiring privileges or user interaction.

  • Execution of arbitrary code can lead to full compromise of confidentiality, integrity, and availability of the system.
  • Attackers can escalate privileges or run malicious payloads by exploiting the buffer overflow in the password handling mechanism.
  • Successful exploitation can disrupt normal operations or allow unauthorized access to sensitive data.
Compliance Impact

I don't know

Detection Guidance

This vulnerability is a local structured exception handling (SEH) buffer overflow in Verypdf docPrint Pro 8.0 that is triggered by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields during PDF encryption.

Detection involves identifying attempts to exploit this vulnerability by monitoring for unusual or oversized password inputs in the PDF encryption process of docPrint Pro 8.0.

Since the exploit is local and involves crafted payloads in password fields, network detection is limited. On the system, you can check for suspicious usage of docPrint Pro 8.0, especially processes invoking PDF encryption with abnormal password lengths.

No specific commands or signatures are provided in the available resources to detect this vulnerability automatically.

Mitigation Strategies

Immediate mitigation steps include restricting local access to systems running Verypdf docPrint Pro 8.0 to prevent untrusted users from exploiting the vulnerability.

Avoid using the User Password or Master Password fields for PDF encryption in docPrint Pro 8.0 until a patch or update is available.

Monitor and audit usage of docPrint Pro 8.0 for any suspicious activity related to PDF encryption.

Since no patch or update information is provided in the resources, consider contacting the vendor or checking official sources for updates or fixes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25467. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart