CVE-2025-67432
Published: 12 February 2026
Summary
CVE-2025-67432 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 18.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-67432 is a stack-based buffer overflow vulnerability, classified under CWE-121, in the ZBarcode_Encode function of the Monkeybread Software MBS DynaPDF Plugin version 21.3.1.1. This flaw enables attackers to induce a Denial of Service (DoS) by providing a specially crafted input that overflows the stack. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its network accessibility and potential for high availability disruption without affecting confidentiality or integrity.
Any unauthenticated attacker with network access to a system running the vulnerable plugin can exploit this issue with low attack complexity and no user interaction required. By delivering a malicious input to the ZBarcode_Encode function, the attacker triggers the stack overflow, causing the application to crash and rendering the service unavailable until restart or recovery.
Advisories and additional details, including potential mitigation guidance, are available in the referenced GitHub gists: https://gist.github.com/Hyobin/818f52535929ec471d234bab67d94987 and https://gist.github.com/transparencybeam/818f52535929ec471d234bab67d94987. Security practitioners should review these for plugin updates or workarounds, such as input validation or upgrading to a patched version if available.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207240
Vulnerability details
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in ZBarcode_Encode directly enables application crash via crafted input, matching Endpoint DoS through software exploitation (T1499.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Requires timely identification and remediation of the stack overflow flaw in the MBS DynaPDF Plugin via patching or upgrades.
- Enforces validation of inputs to the ZBarcode_Encode function to block crafted data causing stack overflows.
- Implements memory protections such as stack canaries and non-executable stacks to mitigate stack-based buffer overflows.