CVE-2025-34106
PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature
Vexday Risk Score
36 · Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 8.4 · EPSS 0.3% · KEV no · PoC — · Nuclei — · Metasploit yes · Patch —
Lifecycle
03 Oct 2015: Metasploit module available
15 Jul 2025: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this vulnerability by tricking a user into opening a maliciously crafted PDF file, leading to arbitrary code execution under the context of the user. This vulnerability has been verified on Windows XP, 7, 8, and 10 platforms using the PDFTools.exe component.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Burnaware · PDF Shaper
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/shaper_pdf_bof.rb
https://vulners.com/vulnerlab/VULNERABLE:1579
https://www.exploit-db.com/exploits/37760
https://www.pdfshaper.com/
https://www.vulncheck.com/advisories/pdf-shaper-buffer-overflow-via-convert-to-image-feature