CVE-2018-25274
Received Received - Intake
Denial of Service in InfraRecorder 0.53 via Malicious Import

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25274
EUVD
EUVD-2018-21794
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
portableapps infrarecorder 0.53
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability involves a denial of service in InfraRecorder 0.53 triggered by importing a maliciously crafted text file containing 6000 bytes of data through the Edit menu's Import function.

Detection would involve verifying if the InfraRecorder application is present and at version 0.53, and testing whether importing a text file of approximately 6000 bytes causes the application to crash.

No specific commands or network detection methods are provided in the available information.

Mitigation Strategies

Immediate mitigation steps include avoiding importing text files of suspicious size or origin through the Edit menu's Import function in InfraRecorder 0.53.

Since the vulnerability requires local access to trigger, restricting local user permissions and monitoring usage of the Import function may help reduce risk.

No specific patches or updates are mentioned in the provided information.

Impact Analysis

The impact of this vulnerability is a denial of service (DoS) condition on the InfraRecorder application.

An attacker with local access can cause the application to crash by importing a maliciously crafted text file, potentially disrupting normal use of the software.

Executive Summary

This vulnerability exists in InfraRecorder version 0.53 and is a denial of service issue. It allows local attackers to crash the application by importing a specially crafted text file.

Specifically, an attacker can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function, which triggers the application to crash.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart