Description
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the application to crash when processing PCL files.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

VeryPDF PCL Converter 2.7 is vulnerable to a buffer overflow that can trigger a denial of service. The flaw occurs when a user supplies an overly long password in the PDF Security encryption fields. Providing a 3000‑byte password overflows internal buffers, causing the application to crash during PCL file processing.

Affected Systems

The vulnerability applies to the VeryPDF PCL Converter product, specifically version 2.7 as identified by the vendor and the CPE string. No other vendors or versions are listed as affected.

Risk and Exploitability

The CVSS base score is 6.9, indicating moderate impact. No EPSS score or KEV listing is available, implying limited public exploitation evidence. Exploitation requires local access to the machine where the application runs; the attacker must supply a malicious PDF file with a crafted password. Until a vendor update is applied, the risk remains for systems running the affected version.

Generated by OpenCVE AI on March 21, 2026 at 14:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update VeryPDF PCL Converter to a patched or newer version that fixes the buffer‑overflow flaw.
  • If a vendor update is not yet available, restrict local execution of the application to trusted users and monitor the system for abnormal crashes.
  • Avoid opening PDF files from untrusted sources on systems that run the vulnerable version.

Generated by OpenCVE AI on March 21, 2026 at 14:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the application to crash when processing PCL files.
Title VeryPDF PCL Converter 2.7 Denial of Service via PDF Security
First Time appeared Verypdf
Verypdf verypdf
Weaknesses CWE-787
CPEs cpe:2.3:a:verypdf:verypdf:2.7:*:*:*:*:*:*:*
Vendors & Products Verypdf
Verypdf verypdf
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Verypdf Verypdf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T14:11:50.064Z

Reserved: 2026-03-21T12:24:24.078Z

Link: CVE-2019-25549

cve-icon Vulnrichment

Updated: 2026-03-24T14:11:46.279Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-21T13:16:16.980

Modified: 2026-03-23T14:31:37.267

Link: CVE-2019-25549

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:33Z

Weaknesses