CVE-2018-25271
Received Received - Intake

Buffer Overflow in Textpad 8.1.2 Causes Local DoS Crash

Vulnerability report for CVE-2018-25271, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-22

Last updated on: 2026-04-27

Assigner: VulnCheck

Description

Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overflow that crashes the application.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-22
Last Modified
2026-04-27
Generated
2026-07-06
AI Q&A
2026-04-22
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
helios textpad 8.1.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Textpad version 8.1.2 and is a denial of service issue. It allows local attackers to crash the application by providing an excessively long buffer string through the Run command interface.

Specifically, an attacker can paste a 5000-byte payload into the Command field via Tools > Run, which triggers a buffer overflow and causes the application to crash.

Detection Guidance

This vulnerability involves a local denial of service in Textpad 8.1.2 triggered by supplying an excessively long buffer string through the Run command interface. Detection would require checking if the application crashes when a large input is provided in the Tools > Run command field.

Since this is a local vulnerability triggered by a 5000-byte payload in the Run command, network-based detection is not applicable.

No specific commands or automated detection methods are provided in the available information.

Mitigation Strategies

To mitigate this vulnerability, avoid supplying excessively long strings (such as 5000 bytes) in the Run command interface of Textpad 8.1.2.

Restrict local user access to the application to prevent untrusted users from triggering the buffer overflow.

Monitor for application crashes related to the Run command and consider updating or patching the application if a fix becomes available.

Compliance Impact

The vulnerability in Textpad 8.1.2 is a local denial of service issue that causes the application to crash when an excessively long buffer string is supplied via the Run command interface.

There is no information provided in the context or resources about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition where the Textpad application crashes unexpectedly.

This can disrupt normal usage of the application, potentially causing loss of unsaved work and interrupting productivity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25271. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart