CVE-2018-25273
Received Received - Intake
Buffer Overflow in CrossFont 7.5 License Key Causes Crash

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25273
EUVD
EUVD-2018-21793
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CrossFont 7.5 contains a buffer overflow vulnerability that can be triggered by local attackers. This happens when an attacker submits an oversized payload in the License Key field of the application.

Specifically, an attacker can create a malicious file containing 4000 bytes of data and paste it into the License Key input field. When the application processes this input, it causes a crash due to the buffer overflow.

Impact Analysis

This vulnerability allows local attackers to crash the CrossFont 7.5 application by submitting an oversized payload in the License Key field.

The impact is a denial of service condition where the application becomes unavailable or unstable due to the crash.

Detection Guidance

This vulnerability involves a buffer overflow triggered by submitting an oversized payload of 4000 bytes in the License Key field of the CrossFont 7.5 application.

Detection would involve monitoring for application crashes or abnormal behavior when processing License Key inputs.

Since the vulnerability is local and triggered by input to the application, network detection is unlikely to be effective.

No specific commands or detection tools are provided in the available information.

Mitigation Strategies

To mitigate this vulnerability, avoid submitting oversized payloads (such as 4000 bytes) in the License Key field of CrossFont 7.5.

Restrict local access to the application to trusted users only, as the attack requires local interaction.

Monitor the application for crashes and consider applying any available patches or updates from the vendor once released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart