#VU121650 Buffer overflow in Soda PDF Desktop - CVE-2025-14407
Published: January 19, 2026
Vulnerability identifier: #VU121650
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-14407
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Soda PDF Desktop
Soda PDF Desktop
Software vendor:
Avanquest
Avanquest
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and gain access to sensitive information on the system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.