CVE-2018-25277
Buffer Overflow in PixGPS 1.1.8 Causes Local DoS Crash
Publication date: 2026-04-26
Last updated on: 2026-04-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
PixGPS version 1.1.8 has a buffer overflow vulnerability. This occurs when a local attacker inputs an excessively long stringβover 6000 bytesβinto the folder path input field labeled 'Folder with picture files'. This oversized input causes the application to crash.
The vulnerability allows attackers to trigger a denial of service condition by crashing the application through this crafted input.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid supplying oversized strings (greater than 6000 bytes) to the 'Folder with picture files' input field in PixGPS 1.1.8.
Since the vulnerability allows local attackers to crash the application, restricting local access to trusted users only can reduce risk.
No patches or updates are mentioned in the provided information, so monitoring for vendor updates or applying any available patches when released is recommended.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the PixGPS application to crash unexpectedly when an attacker supplies an oversized string to the folder path input field.
The primary impact is a denial of service (DoS), which means legitimate users may be unable to use the application while it is crashed.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a buffer overflow triggered by supplying an oversized string (exceeding 6000 bytes) to the 'Folder with picture files' input field in PixGPS 1.1.8. Detection would involve monitoring or testing the application for crashes or denial of service conditions when such input is provided.
Since the vulnerability is local and triggered by input to a specific field, detection on a network level is unlikely. On the system, one could attempt to reproduce the issue by running PixGPS 1.1.8 and inputting an oversized string (>6000 bytes) into the folder path field to see if the application crashes.
No specific commands or automated detection tools are provided in the available information.