← back
CVE-2025-34106

PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature

CVSS 8.4 HIGHEPSS 0.3%CWE-119CWE-120
Vexday Risk Score
36Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 8.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
03 Oct 2015Metasploit module available
15 Jul 2025Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this vulnerability by tricking a user into opening a maliciously crafted PDF file, leading to arbitrary code execution under the context of the user. This vulnerability has been verified on Windows XP, 7, 8, and 10 platforms using the PDFTools.exe component.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Burnaware · PDF Shaper