Vulnerability Summary - Product: MBS DynaPDF Plugin - Affected File: MBS_DynaPDF_dyanapdf_Plugin_21311.dll - Version: 21.3.1.1 - Vulnerability Type: Stack-based Buffer Overflow (Unchecked ) - Impact: Remote Denial of Service (DoS) / Process Termination - Discoverer: ho-ha (transparencybeam [at] gmail [dot] com) Technical Details - The vulnerability exists within the function of the plugin. The function passes a user-supplied length directly to an internal dispatcher, which subsequently performs a stack allocation using . - There is no validation to ensure the requested length does not exceed the available stack space. Providing a large length (e.g., > 1MB) triggers a exception, causing the host process to terminate immediately. Impact - The MBS DynaPDF Plugin is often used as middleware in server-side applications (e.g., Xojo or FileMaker backends). A remote attacker can trigger this crash by sending a large barcode generation request, resulting in a Denial of Service (DoS).