CVE-2019-25550
Received - Intake
Buffer Overflow in Encrypt PDF 2.3 Causes Local Crash

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files.
Meta Information
Published: 2026-03-21
Last Modified: 2026-04-16
Generated: 2026-05-07
AI Q&A: 2026-03-21
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: verypdf
Product: encrypt_pdf
Version / Range: 2.3
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2019-25550 is a buffer overflow vulnerability in Encrypt PDF version 2.3. It occurs when a local attacker inputs an excessively long string (specifically a 1000-byte buffer) into the User Password or Master Password fields in the Settings dialog. This causes the application to crash when importing PDF files.

The vulnerability arises from improper handling of these long password inputs, leading to memory corruption such as a buffer overflow, which results in a denial of service condition.


How can this vulnerability impact me?

This vulnerability can cause the Encrypt PDF application to crash, resulting in a denial of service (DoS).

  • An attacker with local access can trigger the crash by pasting a specially crafted 1000-byte string into the password fields.
  • The crash makes the application unusable until it is restarted, disrupting normal operations involving PDF encryption.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the crash condition on the Encrypt PDF 2.3 application. Specifically, a test involves inputting an excessively long string (a 1000-byte buffer) into the User Password or Master Password fields in the Settings dialog and then attempting to open a PDF file.

A practical detection method is to use a script or manually create a buffer of 1000 'A' characters, copy it to the clipboard, and paste it into the password fields to observe if the application crashes.

There are no specific network commands since this is a local application vulnerability, but the following steps can be used on the affected system:

  • Generate a 1000-byte buffer of 'A's (e.g., using a Python script: `print("A" * 1000)`)
  • Copy the generated buffer to the clipboard.
  • Open Encrypt PDF 2.3, go to the Settings menu, and paste the buffer into the User Password or Master Password field.
  • Click OK and then attempt to open a PDF file.

If the application crashes, the vulnerability is present. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding the use of excessively long passwords in the User Password or Master Password fields within Encrypt PDF 2.3.

Since the vulnerability requires local access and is triggered by inputting a long string, restricting local access to trusted users can reduce risk.

Additionally, consider restarting the application if it crashes and avoid pasting large buffers into password fields.

Check for updates or patches from the vendor (VeryPDF) that address this buffer overflow vulnerability.

