CVE-2018-25216
Received Received - Intake
Local Buffer Overflow in AnyBurn 4.3 Causes DoS Crash

Publication date: 2026-03-26

Last updated on: 2026-03-27

Assigner: VulnCheck

Description
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-27
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25216
EUVD
EUVD-2018-21690
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
powersoftware anyburn 4.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2018-25216 is a local buffer overflow vulnerability found in AnyBurn version 4.3 (32-bit). It occurs when a local attacker inputs an excessively long stringβ€”specifically a 10,000-byte payloadβ€”into the 'Image file name' field during the 'Copy disk to Image' operation. This causes the application to improperly handle the buffer size, leading to a crash of the application.

The vulnerability is triggered by pasting a very large string into the input field, which overflows the buffer allocated for the file name, resulting in a denial of service condition.

Impact Analysis

This vulnerability can impact you by causing the AnyBurn application to crash when an excessively long string is supplied in the 'Image file name' field during the 'Copy disk to Image' operation.

The impact is a denial of service (DoS) condition, meaning the application becomes unavailable or unusable until restarted.

There is no indication that this vulnerability allows for remote exploitation or code execution, so the primary risk is disruption of service on the local machine.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash condition locally on systems running AnyBurn 4.3. Specifically, a test involves supplying an excessively long string (10,000 bytes) into the 'Image file name' field during the 'Copy disk to Image' operation to see if the application crashes.

A practical detection method includes using a Python script to create a payload file with 10,000 'A' characters, copying its content to the clipboard, and then pasting it into the vulnerable input field in AnyBurn 4.3 to observe if the application crashes.

  • Create a file named 'Evil.txt' containing 10,000 'A' characters using a Python script.
  • Copy the content of 'Evil.txt' to the clipboard.
  • Open AnyBurn 4.3 and select the 'Copy disk to Image' option.
  • Paste the clipboard content into the 'Image file name' input field.
  • Click 'Create Now' and observe if the application crashes, indicating the presence of the vulnerability.
Mitigation Strategies

Immediate mitigation steps include avoiding the use of AnyBurn version 4.3 or restricting local access to systems running this vulnerable version to prevent exploitation.

Since the vulnerability requires local access and is triggered by supplying an excessively long string in the 'Image file name' field, users should avoid pasting or entering unusually long strings in this field.

Upgrading to a newer, patched version of AnyBurn (such as version 6.7 or later) when available is recommended to eliminate this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25216. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart