Description
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Encrypt PDF 2.3 has a buffer overflow that can be triggered by entering a 1000‑byte string into the User Password or Master Password fields. The overflow causes the application to crash, resulting in a denial‑of‑service condition. The flaw is classified under CWE‑787 (Out-of-bounds Write).

Affected Systems

The vulnerability affects Verypdf’s Encrypt PDF version 2.3. No other products or versions are listed as affected by the CNA.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity and the attack vector is local, requiring the attacker to have direct access to the machine running Encrypt PDF. EPSS data is unavailable, and the issue is not in CISA’s KEV catalog. An attacker can exploit the flaw simply by using the application’s Settings dialog to enter a long string, after which the program will crash when importing any PDF.

Generated by OpenCVE AI on March 21, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Encrypt PDF to the latest available version that contains the patch for CVE‑2019‑25550
  • If a patch is not immediately available, avoid entering long strings in the password fields during PDF import, or limit the maximum input size by using a sanitization tool
  • Consider running Encrypt PDF in a sandboxed environment or restricting local user privileges to limit the impact of a possible crash


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 21 Mar 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files.
Title | | Encrypt PDF 2.3 Denial of Service via Buffer Overflow
First Time appeared | | Verypdf; Verypdf verypdf
Weaknesses | | CWE-787
CPEs | | cpe:2.3:a:verypdf:verypdf:2.3:*:*:*:*:*:*:*
Vendors & Products | | Verypdf; Verypdf verypdf
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:38:49.709Z

Reserved: 2026-03-21T12:24:30.924Z

Link: CVE-2019-25550

Vulnrichment

Updated: 2026-03-23T16:38:41.612Z

NVD

Status: Awaiting Analysis

Published: 2026-03-21T13:16:17.147

Modified: 2026-03-23T14:31:37.267

Link: CVE-2019-25550

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:47:32Z

Weaknesses