CVE-2019-25550

MEDIUM

Encrypt PDF 2.3 Denial of Service via Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25550. PoCs published by Alejandra Sánchez.

AI-analyzed exploit summary: This PoC targets a buffer overflow vulnerability in Encrypt PDF v2.3. It generates a file containing an overlong string; pasting that string into the 'User Password' or 'Master Password' field crashes the application, demonstrating a Denial of Service (DoS) condition.

Description

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files.

Exploits (1)

exploitdb WORKING POC
by Alejandra Sánchez · python · dos · windows
https://www.exploit-db.com/exploits/46871


Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Encrypt PDF v2.3
No auth needed
Prerequisites: Python to generate the malicious file · Encrypt PDF v2.3 installed on the target system
devstral-2 · analyzed Mar 21, 2026

References (3)

Core References
Exploit: ExploitDB-46871
https://www.exploit-db.com/exploits/46871
Product: Official Product Homepage
http://www.verypdf.com
Third Party Advisory: VulnCheck Advisory: Encrypt PDF 2.3 Denial of Service via Buffer Overflow
https://www.vulncheck.com/advisories/encrypt-pdf-denial-of-service-via-buffer-overflow

Scores

CVSS v3 6.2
EPSS 0.0018
EPSS Percentile 7.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (2)
Verypdf/Encrypt PDF 2.3
verypdf/encrypt_pdf 2.3
Published Mar 21, 2026
Tracked Since Mar 21, 2026