CVE-2018-25264
Buffer Overflow in TransMac 12.2 License Key Causes DoS

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition.
Meta Information
Published: 2026-04-26
Last Modified: 2026-04-26
Generated: 2026-06-16
AI Q&A: 2026-04-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: dotnetix
Product: transmac
Version / Range: 12.2
CWE
CWE ID: CWE-120
Description: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Executive Summary

This vulnerability exists in TransMac 12.2 and is a buffer overflow in the license key input field.

Local attackers can exploit this by submitting an oversized string (specifically, a payload containing 4000 bytes of data) into the License Key field.

Doing so causes the application to crash, triggering a denial of service condition.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition.

An attacker with local access can crash the TransMac application by submitting a specially crafted oversized license key.

This can disrupt normal use of the application, potentially causing downtime or loss of availability.

Detection Guidance

This vulnerability involves a buffer overflow in the license key input field of TransMac 12.2, which can be triggered by submitting an oversized string. Detection would involve monitoring for application crashes or denial of service conditions when the license key field is used.

Since the vulnerability is triggered locally by inputting a payload of about 4000 bytes into the License Key field, detection focuses on monitoring the application's behavior rather than network traffic.

No specific detection commands or network-based detection methods are provided in the available information.

Mitigation Strategies

Immediate mitigation steps include avoiding the input of oversized strings (around 4000 bytes) into the license key field of TransMac 12.2 to prevent triggering the buffer overflow.

Since the vulnerability requires local interaction, restricting access to the application and ensuring only trusted users can input license keys can reduce risk.

No specific patches or updates are mentioned in the provided information, so monitoring for vendor updates or patches is recommended.
