CVE-2025-34106

Public Exploit

PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature

Description

A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this vulnerability by tricking a user into opening a maliciously crafted PDF file, leading to arbitrary code execution under the context of the user. This vulnerability has been verified on Windows XP, 7, 8, and 10 platforms using the PDFTools.exe component.

References

Link	Tags
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/shaper_pdf_bof.rb	exploit
https://www.exploit-db.com/exploits/37760	exploit
https://www.pdfshaper.com/	product
https://vulners.com/vulnerlab/VULNERABLE:1579	third party advisory
https://www.vulncheck.com/advisories/pdf-shaper-buffer-overflow-via-convert-to-image-feature	third party advisory

Frequently Asked Questions

What is the severity of CVE-2025-34106?: CVE-2025-34106 has been scored as a high severity vulnerability.
How to fix CVE-2025-34106?: To fix CVE-2025-34106, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-34106 being actively exploited in the wild?: It is possible that CVE-2025-34106 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-34106?: CVE-2025-34106 affects Burnaware PDF Shaper.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions