CVE-2025-34106

HIGH

PDF Shaper 3.5-3.6 - Buffer Overflow via Convert to Image Feature

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34106. PoCs published by metacom, including Metasploit module exploits/windows/fileformat/shaper_pdf_bof.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in PDF Shaper v3.5 by crafting a malicious PDF file with a specially embedded JPEG image. The exploit targets the 'Convert PDF to Image' functionality and achieves arbitrary code execution as the user who opens the file, via an SEH overwrite. It is a file-format exploit: the victim must open the crafted PDF in PDF Shaper and run the conversion.

Description

A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when a crafted PDF file is converted to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this by tricking a user into opening a maliciously crafted PDF file (one carrying a specially crafted embedded JPEG image), leading to arbitrary code execution in the context of the user running PDF Shaper. The vulnerable code is in the PDFTools.exe component; exploitation has been verified on Windows XP, 7, 8 and 10.
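The page says the trigger is a crafted JPEG embedded in a PDF, but not which JPEG field PDF Shaper mishandles. What a responder can still do without that detail is triage suspect PDFs: pull out every DCTDecode (JPEG) image stream and check whether its marker-segment structure is self-consistent. The script below is an added example written for this page, not code from PDF Shaper, Exploit-DB or the Metasploit module. The PDF parsing is deliberately minimal (direct objects, no object streams), the sample PDF and JPEGs it embeds are constructed inline, and the segment-size limits come from the JPEG specification (ITU T.81), not from anything known about this bug.

```python
"""Triage helper: extract DCTDecode (JPEG) streams from a PDF and check each
JPEG's marker segments for length fields that overrun the stream, fall below
the 2-byte minimum, or exceed the fixed size the JPEG spec allows for that
segment. Added example; assumes nothing about PDF Shaper's internals."""
import re
import struct
from dataclasses import dataclass, field

# Dictionary immediately followed by 'stream'. Non-greedy, so the captured dict
# may start in an earlier object; triage_pdf() trims it to the last 'obj'.
STREAM_RE = re.compile(rb"<<(?P<dict>.*?)>>\s*stream\r?\n", re.DOTALL)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(\s+\d+\s+R)?")

STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))   # markers without a length
# Segments whose layout T.81 fixes, hence a hard maximum length. APPn/COM may
# legitimately reach 65535 bytes and are not bounded here.
BOUNDED = {0xC0: 773, 0xC1: 773, 0xC2: 773,   # SOF: 8 + 3*Nf, Nf <= 255
           0xC4: 2186,                        # DHT: 2 + 8*(17+256)
           0xDB: 518,                         # DQT: 2 + 4*129
           0xDD: 4,                           # DRI
           0xDA: 14}                          # SOS: 6 + 2*Ns, Ns <= 4


@dataclass
class JpegReport:
    segments: list = field(default_factory=list)   # (marker, declared_len, offset)
    findings: list = field(default_factory=list)


def inspect_jpeg(data: bytes) -> JpegReport:
    """Walk the marker segments up to SOS and record anything inconsistent."""
    rep, n = JpegReport(), len(data)
    if data[:2] != b"\xff\xd8":
        rep.findings.append("no SOI marker at offset 0")
        return rep
    pos = 2
    while pos < n:
        if data[pos] != 0xFF:
            rep.findings.append(f"expected marker at offset {pos}, got 0x{data[pos]:02x}")
            return rep
        start = pos
        while pos < n and data[pos] == 0xFF:      # 0xFF fill bytes are permitted
            pos += 1
        if pos >= n:
            rep.findings.append("stream ends inside a marker")
            return rep
        marker, pos = data[pos], pos + 1
        if marker == 0x00:
            rep.findings.append(f"stuffed 0xFF00 at offset {start} outside entropy-coded data")
            return rep
        if marker in STANDALONE:
            rep.segments.append((marker, 0, start))
            if marker == 0xD9:                      # EOI
                return rep
            continue
        if pos + 2 > n:
            rep.findings.append(f"marker 0x{marker:02x} at offset {start} has no length field")
            return rep
        declared = struct.unpack(">H", data[pos:pos + 2])[0]
        rep.segments.append((marker, declared, start))
        if declared < 2:
            rep.findings.append(f"marker 0x{marker:02x}: length {declared} is below the 2-byte minimum")
            return rep
        if pos + declared > n:
            rep.findings.append(f"marker 0x{marker:02x}: declared length {declared} "
                                f"overruns the stream by {pos + declared - n} bytes")
            return rep
        limit = BOUNDED.get(marker)
        if limit is not None and declared > limit:
            rep.findings.append(f"marker 0x{marker:02x}: declared length {declared} "
                                f"exceeds the {limit}-byte maximum for this segment")
        pos += declared
        if marker == 0xDA:                          # SOS: entropy-coded data follows
            return rep
    rep.findings.append("stream ended before SOS/EOI")
    return rep


def triage_pdf(pdf: bytes) -> list:
    """One result dict per JPEG (DCTDecode) stream found in the PDF bytes."""
    results = []
    for m in STREAM_RE.finditer(pdf):
        d = m.group("dict")
        obj = d.rfind(b"obj")                 # keep only this object's dictionary
        if obj != -1:
            d = d[obj + 3:]
        start, lm = m.end(), LENGTH_RE.search(d)
        if lm and not lm.group(2):            # direct /Length: slice exactly
            data = pdf[start:start + int(lm.group(1))]
        else:                                 # indirect /Length: fall back to 'endstream'
            end = pdf.find(b"endstream", start)
            if end == -1:
                continue
            data = pdf[start:end].rstrip(b"\r\n")
        if b"/DCTDecode" not in d and not data.startswith(b"\xff\xd8"):
            continue
        rep = inspect_jpeg(data)
        results.append({"offset": start, "length": len(data),
                        "segments": len(rep.segments), "findings": rep.findings})
    return results


def _seg(marker: int, payload: bytes, declared: int = None) -> bytes:
    """Build a marker segment; `declared` overrides the true length for crafted samples."""
    length = len(payload) + 2 if declared is None else declared
    return bytes([0xFF, marker]) + struct.pack(">H", length) + payload


# Constructed sample JPEGs (not taken from any real exploit file).
_JFIF = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
_DQT, _SOF = b"\x00" + b"\x10" * 64, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00"
_DHT, _SOS = b"\x00\x01" + b"\x00" * 16, b"\x01\x01\x00\x00\x3f\x00"
_TAIL = b"\x00\x00\xff\xd9"
SAMPLE_OK = (b"\xff\xd8" + _seg(0xE0, _JFIF) + _seg(0xDB, _DQT) + _seg(0xC0, _SOF)
             + _seg(0xC4, _DHT) + _seg(0xDA, _SOS) + _TAIL)
# DQT length field set to 0xFFFF: a parser that trusts it reads past the buffer.
SAMPLE_OVERRUN = (b"\xff\xd8" + _seg(0xE0, _JFIF) + _seg(0xDB, _DQT, declared=0xFFFF)
                  + _seg(0xC0, _SOF) + _seg(0xC4, _DHT) + _seg(0xDA, _SOS) + _TAIL)
# SOF0 padded to ~4 KiB: self-consistent, but larger than any valid frame header.
SAMPLE_BIG_SOF = (b"\xff\xd8" + _seg(0xE0, _JFIF) + _seg(0xDB, _DQT)
                  + _seg(0xC0, _SOF + b"\x00" * 4000) + _seg(0xC4, _DHT)
                  + _seg(0xDA, _SOS) + _TAIL)


def wrap_in_pdf(jpeg: bytes) -> bytes:
    """Embed a JPEG as a DCTDecode image XObject in a minimal constructed PDF."""
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n2 0 obj\n<< /Type /XObject "
            b"/Subtype /Image /Width 8 /Height 8 /ColorSpace /DeviceGray /BitsPerComponent 8 "
            b"/Filter /DCTDecode /Length " + str(len(jpeg)).encode() + b" >>\nstream\n"
            + jpeg + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("overrun", SAMPLE_OVERRUN), ("big-sof", SAMPLE_BIG_SOF)):
        for r in triage_pdf(wrap_in_pdf(sample)):
            print(name, r["segments"], "segments:", r["findings"] or "clean")
```

Run it against a real suspect file with `triage_pdf(open(path, "rb").read())`. A clean report does not prove a file is safe (the overflowing field may be one the checks above do not bound, and compressed or object-stream PDFs are not unpacked here); a non-empty `findings` list on a PDF that arrived unsolicited is a reason to detonate it in a sandbox rather than open it in PDF Shaper.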

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by metacom · ruby · local · windows
https://www.exploit-db.com/exploits/37760

This Metasploit module exploits a buffer overflow in PDF Shaper v3.5 by crafting a malicious PDF file with a specially embedded JPEG image. The exploit targets the 'Convert PDF to Image' functionality and achieves arbitrary code execution as the user who opens the file, via an SEH overwrite.

Classification: Working PoC (95%)
Attack type: RCE (code execution on opening the file)
Complexity: Moderate
Reliability: Reliable
Target: PDF Shaper v3.5
No auth needed
Prerequisites: Victim must open the malicious PDF file in PDF Shaper v3.5
Analyzed by devstral-2, Feb 16, 2026
metasploit · WORKING POC · NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/shaper_pdf_bof.rb

This Metasploit module exploits a buffer overflow vulnerability in PDF Shaper by crafting a malicious PDF file with a specially crafted JPEG image. The exploit targets the 'Convert PDF to Image' functionality and has been tested on multiple Windows versions.

Classification: Working PoC (95%)
Attack type: RCE (code execution on opening the file)
Complexity: Moderate
Reliability: Reliable
Target: PDF Shaper v3.5 and v3.6
No auth needed
Prerequisites: Victim must open the malicious PDF file with PDF Shaper
Analyzed by devstral-2, Feb 16, 2026

Scores

CVSS v4: 8.4 (HIGH)
EPSS: 0.0033
EPSS Percentile: 24.5%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
The vector reflects a file-format bug: local attack vector (AV:L) with active user interaction (UI:A), i.e. the victim must open the crafted PDF and run the conversion, after which confidentiality, integrity and availability are fully compromised at the user's privilege level.

CISA SSVC

Vulnrichment
Exploitation: none (CISA's value at enrichment time; note that the two public PoCs tracked above, one of them a Metasploit module, meet the SSVC 'poc' level)
Automatable: no
Technical Impact: total

Details

CWE
CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-120 (Buffer Copy without Checking Size of Input, 'Classic Buffer Overflow')
Status published
Products (1)
Burnaware/PDF Shaper 3.5 - 3.6
Published Jul 15, 2025
Tracked Since Feb 18, 2026