CVE-2018-25211
Received - Intake
Buffer Overflow in Allok Video Splitter Allows Code Execution

Publication date: 2026-03-26

Last updated on: 2026-03-27

Assigner: VulnCheck

Description
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
Meta Information
Published: 2026-03-26
Last Modified: 2026-03-27
Generated: 2026-05-07
AI Q&A: 2026-03-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: alloksoft
Product: video_splitter
Version / Range: 3.1.1217
CWE ID: CWE-787
Description: The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2018-25211 is a buffer overflow vulnerability in Allok Video Splitter version 3.1.1217 and earlier. It occurs when a local attacker inputs an excessively long string (over 780 bytes) into the License Name registration field. When the Register button is clicked, this oversized input triggers a buffer overflow, which can cause the application to crash or allow the attacker to execute arbitrary code.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability impact me?

This vulnerability can impact you by causing a denial of service, making the application crash and become unusable. More severely, it can allow an attacker to execute arbitrary code on your system, potentially compromising confidentiality, integrity, and availability of your data and system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the buffer overflow condition locally on the system running Allok Video Splitter version 3.1.1217 or earlier.

A practical detection method involves creating a test input string exceeding 780 bytes and pasting it into the License Name registration field of the application, then clicking the Register button to observe if the application crashes or behaves unexpectedly.

For example, you can generate a test file containing 780 'A' characters using the following command in a Windows environment with Python installed:

  • python -c "print('A'*780)" > Evil.txt

Then, open the generated Evil.txt file, copy its contents, paste it into the License Name field of the application, and click Register to check for a crash or denial of service.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding the use of the License Name registration field with inputs longer than 780 bytes to prevent triggering the buffer overflow.

Restrict local access to the system running Allok Video Splitter to trusted users only, since the attack requires local access and user interaction.

Monitor and control user permissions to prevent untrusted users from interacting with the application.

Check for updates or patches from the vendor (http://www.alloksoft.com/) that address this vulnerability and apply them as soon as they become available.

