Cyber Resilience

CVE-2025-34106

HighPublic PoC

Published: 15 July 2025

Published
15 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.2172 95.9th percentile
Risk Priority 30 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-34106 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 8.4 (High).

Operationally, ranked in the top 4.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 within the PDFTools.exe component during use of the Convert PDF to Image feature. The flaw, tracked under CWE-119 and CWE-120, occurs when processing a specially crafted PDF file and has been confirmed on Windows XP, 7, 8, and 10.

An unauthenticated attacker can exploit the issue by supplying a malicious PDF and convincing a user to open it with the affected software. Successful exploitation grants arbitrary code execution in the context of the logged-in user, corresponding to the CVSS 8.4 rating that reflects local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

Public exploit code is available, including a Metasploit module and an entry on Exploit-DB, along with an advisory from VulnCheck that documents the buffer overflow via the convert-to-image feature. The EPSS score stands at 0.2172 with no material change from its recorded peak.

EU & UK References

Vulnerability details

A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this vulnerability by tricking a user into opening…

more

a maliciously crafted PDF file, leading to arbitrary code execution under the context of the user. This vulnerability has been verified on Windows XP, 7, 8, and 10 platforms using the PDFTools.exe component.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

PDF Shaper
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-119 CWE-120

Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.

addresses: CWE-119

Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.

addresses: CWE-119

Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.

addresses: CWE-119

Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.

References