CVE-2025-34106

PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature

CVSS 8.4 HIGH · EPSS 0.3% · CWE-119 · CWE-120
Vexday Risk Score
36 · Attention
SSVC Decision (CISA)
Attend
PoC available → monitor closely
CVSS 8.4 · EPSS 0.3% · KEV no · PoC Nuclei Metasploit yes · Patch
Lifecycle
03 Oct 2015: Metasploit exploit available
15 Jul 2025: Published in NVD
Recommendation: Plan remediation soon; a public PoC already exists.
A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this vulnerability by tricking a user into opening a maliciously crafted PDF file, leading to arbitrary code execution under the context of the user. This vulnerability has been verified on Windows XP, 7, 8, and 10 platforms using the PDFTools.exe component.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Burnaware · PDF Shaper