CVE-2018-25216
Received Received - Intake

Local Buffer Overflow in AnyBurn 4.3 Causes DoS Crash

Vulnerability report for CVE-2018-25216, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-26

Last updated on: 2026-03-27

Assigner: VulnCheck

Description

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-26
Last Modified
2026-03-27
Generated
2026-07-06
AI Q&A
2026-03-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
powersoftware anyburn 4.3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2018-25216 is a local buffer overflow vulnerability found in AnyBurn version 4.3 (32-bit). It occurs when a local attacker inputs an excessively long stringβ€”specifically a 10,000-byte payloadβ€”into the 'Image file name' field during the 'Copy disk to Image' operation. This causes the application to improperly handle the buffer size, leading to a crash of the application.

The vulnerability is triggered by pasting a very large string into the input field, which overflows the buffer allocated for the file name, resulting in a denial of service condition.

Impact Analysis

This vulnerability can impact you by causing the AnyBurn application to crash when an excessively long string is supplied in the 'Image file name' field during the 'Copy disk to Image' operation.

The impact is a denial of service (DoS) condition, meaning the application becomes unavailable or unusable until restarted.

There is no indication that this vulnerability allows for remote exploitation or code execution, so the primary risk is disruption of service on the local machine.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash condition locally on systems running AnyBurn 4.3. Specifically, a test involves supplying an excessively long string (10,000 bytes) into the 'Image file name' field during the 'Copy disk to Image' operation to see if the application crashes.

A practical detection method includes using a Python script to create a payload file with 10,000 'A' characters, copying its content to the clipboard, and then pasting it into the vulnerable input field in AnyBurn 4.3 to observe if the application crashes.

  • Create a file named 'Evil.txt' containing 10,000 'A' characters using a Python script.
  • Copy the content of 'Evil.txt' to the clipboard.
  • Open AnyBurn 4.3 and select the 'Copy disk to Image' option.
  • Paste the clipboard content into the 'Image file name' input field.
  • Click 'Create Now' and observe if the application crashes, indicating the presence of the vulnerability.
Mitigation Strategies

Immediate mitigation steps include avoiding the use of AnyBurn version 4.3 or restricting local access to systems running this vulnerable version to prevent exploitation.

Since the vulnerability requires local access and is triggered by supplying an excessively long string in the 'Image file name' field, users should avoid pasting or entering unusually long strings in this field.

Upgrading to a newer, patched version of AnyBurn (such as version 6.7 or later) when available is recommended to eliminate this vulnerability.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25216. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart