CVE-2018-25274
Received Received - Intake

Denial of Service in InfraRecorder 0.53 via Malicious Import

Vulnerability report for CVE-2018-25274, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-07-06
AI Q&A
2026-04-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
portableapps infrarecorder 0.53

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

The impact of this vulnerability is a denial of service (DoS) condition on the InfraRecorder application.

An attacker with local access can cause the application to crash by importing a maliciously crafted text file, potentially disrupting normal use of the software.

Detection Guidance

This vulnerability involves a denial of service in InfraRecorder 0.53 triggered by importing a maliciously crafted text file containing 6000 bytes of data through the Edit menu's Import function.

Detection would involve verifying if the InfraRecorder application is present and at version 0.53, and testing whether importing a text file of approximately 6000 bytes causes the application to crash.

No specific commands or network detection methods are provided in the available information.

Mitigation Strategies

Immediate mitigation steps include avoiding importing text files of suspicious size or origin through the Edit menu's Import function in InfraRecorder 0.53.

Since the vulnerability requires local access to trigger, restricting local user permissions and monitoring usage of the Import function may help reduce risk.

No specific patches or updates are mentioned in the provided information.

Executive Summary

This vulnerability exists in InfraRecorder version 0.53 and is a denial of service issue. It allows local attackers to crash the application by importing a specially crafted text file.

Specifically, an attacker can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function, which triggers the application to crash.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart