CVE-2018-25224
Stack-Based Buffer Overflow in PMS 0.42 Enables Code Execution

Publication date: 2026-03-28

Last updated on: 2026-04-02

Assigner: VulnCheck

Description
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.
Meta Information
Published: 2026-03-28
Last Modified: 2026-04-02
Generated: 2026-05-06
AI Q&A: 2026-03-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: kimtore
Product: practical_music_search
Version / Range: to 0.42 (inc)
CWE ID: CWE-306
Description: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2018-25224 is a stack-based buffer overflow vulnerability found in PMS version 0.42. It occurs when the software processes a maliciously crafted configuration file containing oversized input. This overflow happens on the stack and allows local, unauthenticated attackers to execute arbitrary code by exploiting return-oriented programming (ROP) gadgets to run shell commands.

The vulnerability arises due to improper filtering of user-supplied input in the configuration file, specifically during logging operations in the software. Attackers can craft configuration files that overflow the stack buffer, bypass security mitigations like NX by using ROP techniques, and gain control over the execution flow.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability impact me?

This vulnerability can have severe impacts as it allows local, unauthenticated attackers to execute arbitrary code on the affected system. This means an attacker could run shell commands with the privileges of the PMS process, potentially leading to local privilege escalation or full system compromise.

Because the exploit uses return-oriented programming to bypass certain security protections, it can effectively allow attackers to take control of the system, install malware, steal data, or disrupt services.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if PMS version 0.42 is installed and verifying if it processes configuration files that may contain oversized input values. Since the vulnerability is triggered by maliciously crafted configuration files, inspecting these files for unusually large or malformed entries can help identify potential exploitation attempts.

There are no specific network detection commands because the vulnerability is local and unauthenticated, affecting the local configuration file parsing.

To detect the presence of the vulnerable PMS version, you can run the following command on the system:

  • pms --version

To check for suspicious configuration files, you can use commands like:

  • grep -E '.{500,}' /path/to/pms/config/file
  • head -n 20 /path/to/pms/config/file

Additionally, monitoring system logs for crashes or abnormal behavior related to PMS when loading configuration files may help detect exploitation attempts.
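
The configuration-file check above can be made repeatable with a small audit function. This is an added example, not code from the PMS project or from this advisory; the function names, the 500-byte default (taken from the grep above), the treatment of non-ASCII bytes as malformed, and the constructed sample lines (which are not real PMS syntax) are assumptions.

```shell
#!/bin/sh
# Added example: flag configuration lines that are oversized or contain
# bytes outside printable ASCII. Names and thresholds are assumptions.

# audit_pms_config FILE [MAX_LEN]
# Prints one finding per suspicious line as FILE:LINE: reason.
# Returns 0 if clean, 1 if any line was flagged, 2 if FILE is unreadable.
audit_pms_config() {
    file=$1
    max_len=${2:-500}   # assumption: same threshold as the grep above
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    # LC_ALL=C makes awk count and match bytes, not locale characters.
    LC_ALL=C awk -v max="$max_len" '
        {
            reason = ""
            if (length($0) > max)
                reason = "oversized(" length($0) " bytes)"
            # Anything other than tab or 0x20-0x7e. Legitimate UTF-8
            # values are flagged too and need a manual look.
            if ($0 ~ /[^\t -~]/)
                reason = reason (reason ? "," : "") "non-printable"
            if (reason != "") {
                printf "%s:%d: %s\n", FILENAME, NR, reason
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$file"
}

# Constructed sample: one benign line, one 605-byte line, one binary line.
audit_demo() {
    tmp=$(mktemp) || return 2
    {
        printf 'name=value\n'
        printf 'name=%0600d\n' 0
        printf 'name=\001\377\n'
    } > "$tmp"
    audit_pms_config "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

audit_demo || true
```

A non-zero return means the file should be reviewed before PMS is allowed to load it; it does not by itself prove an exploitation attempt.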


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Avoid running PMS version 0.42 or earlier until a patched version is available.
  • Do not load or use untrusted or suspicious configuration files that may contain oversized or malformed input.
  • Restrict local access to the system to trusted users only, since the vulnerability requires local access.
  • Monitor and audit configuration files regularly for unexpected changes or suspicious content.
  • If possible, apply any available patches or updates from the PMS project or consider upgrading to a version that addresses this vulnerability.
