CVE-2019-25467 | THREATINT

Description

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.

PUBLISHED Reserved 2026-02-22 | Published 2026-03-11 | Updated 2026-03-11 | Assigner VulnCheck

HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Out-of-bounds Write

Product status

8.0

affected

Credits

Connor McGarr finder

References

www.exploit-db.com/exploits/47394 (ExploitDB-47394) exploit

www.verypdf.com (Official Product Homepage) product

dl.verypdf.net/docprint_pro_setup.exe (Product Reference) product

www.vulncheck.com/...-docprint-pro-local-seh-buffer-overflow (VulnCheck Advisory: Verypdf docPrint Pro 8.0 Local SEH Buffer Overflow) third-party-advisory

cve.org (CVE-2019-25467)

nvd.nist.gov (CVE-2019-25467)

Download JSON