CVE-2018-25211
Received Received - Intake
Buffer Overflow in Allok Video Splitter Allows Code Execution

Publication date: 2026-03-26

Last updated on: 2026-03-27

Assigner: VulnCheck

Description
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-27
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25211
EUVD
EUVD-2018-21680
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
alloksoft video_splitter 3.1.1217
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2018-25211 is a buffer overflow vulnerability in Allok Video Splitter version 3.1.1217 and earlier. It occurs when a local attacker inputs an excessively long stringβ€”over 780 bytesβ€”into the License Name registration field. When the Register button is clicked, this oversized input triggers a buffer overflow, which can cause the application to crash or allow the attacker to execute arbitrary code.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can impact you by causing a denial of service, making the application crash and become unusable. More severely, it can allow an attacker to execute arbitrary code on your system, potentially compromising confidentiality, integrity, and availability of your data and system.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the buffer overflow condition locally on the system running Allok Video Splitter version 3.1.1217 or earlier.

A practical detection method involves creating a test input string exceeding 780 bytes and pasting it into the License Name registration field of the application, then clicking the Register button to observe if the application crashes or behaves unexpectedly.

For example, you can generate a test file containing 780 'A' characters using the following command in a Windows environment with Python installed:

  • python -c "print('A'*780)" > Evil.txt

Then, open the generated Evil.txt file, copy its contents, paste it into the License Name field of the application, and click Register to check for a crash or denial of service.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the License Name registration field with inputs longer than 780 bytes to prevent triggering the buffer overflow.

Restrict local access to the system running Allok Video Splitter to trusted users only, since the attack requires local access and user interaction.

Monitor and control user permissions to prevent untrusted users from interacting with the application.

Check for updates or patches from the vendor (http://www.alloksoft.com/) that address this vulnerability and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart