CVE-2018-25277
Received Received - Intake
Buffer Overflow in PixGPS 1.1.8 Causes Local DoS Crash

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description
PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25277
EUVD
EUVD-2018-21797
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

PixGPS version 1.1.8 has a buffer overflow vulnerability. This occurs when a local attacker inputs an excessively long stringβ€”over 6000 bytesβ€”into the folder path input field labeled 'Folder with picture files'. This oversized input causes the application to crash.

The vulnerability allows attackers to trigger a denial of service condition by crashing the application through this crafted input.

Mitigation Strategies

To mitigate this vulnerability, avoid supplying oversized strings (greater than 6000 bytes) to the 'Folder with picture files' input field in PixGPS 1.1.8.

Since the vulnerability allows local attackers to crash the application, restricting local access to trusted users only can reduce risk.

No patches or updates are mentioned in the provided information, so monitoring for vendor updates or applying any available patches when released is recommended.

Impact Analysis

This vulnerability can impact you by causing the PixGPS application to crash unexpectedly when an attacker supplies an oversized string to the folder path input field.

The primary impact is a denial of service (DoS), which means legitimate users may be unable to use the application while it is crashed.

Detection Guidance

This vulnerability involves a buffer overflow triggered by supplying an oversized string (exceeding 6000 bytes) to the 'Folder with picture files' input field in PixGPS 1.1.8. Detection would involve monitoring or testing the application for crashes or denial of service conditions when such input is provided.

Since the vulnerability is local and triggered by input to a specific field, detection on a network level is unlikely. On the system, one could attempt to reproduce the issue by running PixGPS 1.1.8 and inputting an oversized string (>6000 bytes) into the folder path field to see if the application crashes.

No specific commands or automated detection tools are provided in the available information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25277. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart