CVE-2019-25550
Received Received - Intake

Buffer Overflow in Encrypt PDF 2.3 Causes Local Crash

Vulnerability report for CVE-2019-25550, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-21
Last Modified
2026-04-16
Generated
2026-07-06
AI Q&A
2026-03-21
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
verypdf encrypt_pdf 2.3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2019-25550 is a buffer overflow vulnerability in Encrypt PDF version 2.3. It occurs when a local attacker inputs an excessively long stringβ€”specifically a 1000-byte bufferβ€”into the User Password or Master Password fields in the Settings dialog. This causes the application to crash when importing PDF files.

The vulnerability arises from improper handling of these long password inputs, leading to memory corruption such as a buffer overflow, which results in a denial of service condition.

Impact Analysis

This vulnerability can cause the Encrypt PDF application to crash, resulting in a denial of service (DoS).

  • An attacker with local access can trigger the crash by pasting a specially crafted 1000-byte string into the password fields.
  • The crash makes the application unusable until it is restarted, disrupting normal operations involving PDF encryption.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on the Encrypt PDF 2.3 application. Specifically, a test involves inputting an excessively long string (a 1000-byte buffer) into the User Password or Master Password fields in the Settings dialog and then attempting to open a PDF file.'}, {'type': 'paragraph', 'content': "A practical detection method is to use a script or manually create a buffer of 1000 'A' characters, copy it to the clipboard, and paste it into the password fields to observe if the application crashes."}, {'type': 'paragraph', 'content': 'There are no specific network commands since this is a local application vulnerability, but the following steps can be used on the affected system:'}, {'type': 'list_item', 'content': 'Generate a 1000-byte buffer of \'A\'s (e.g., using a Python script: `print("A" * 1000)`)'}, {'type': 'list_item', 'content': 'Copy the generated buffer to the clipboard.'}, {'type': 'list_item', 'content': 'Open Encrypt PDF 2.3, go to the Settings menu, and paste the buffer into the User Password or Master Password field.'}, {'type': 'list_item', 'content': 'Click OK and then attempt to open a PDF file.'}, {'type': 'paragraph', 'content': 'If the application crashes, the vulnerability is present.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of excessively long passwords in the User Password or Master Password fields within Encrypt PDF 2.3.

Since the vulnerability requires local access and is triggered by inputting a long string, restricting local access to trusted users can reduce risk.

Additionally, consider restarting the application if it crashes and avoid pasting large buffers into password fields.

Check for updates or patches from the vendor (VeryPDF) that address this buffer overflow vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25550. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart