CVE-2018-25277
Received Received - Intake

Buffer Overflow in PixGPS 1.1.8 Causes Local DoS Crash

Vulnerability report for CVE-2018-25277, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-07-06
AI Q&A
2026-04-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, avoid supplying oversized strings (greater than 6000 bytes) to the 'Folder with picture files' input field in PixGPS 1.1.8.

Since the vulnerability allows local attackers to crash the application, restricting local access to trusted users only can reduce risk.

No patches or updates are mentioned in the provided information, so monitoring for vendor updates or applying any available patches when released is recommended.

Executive Summary

PixGPS version 1.1.8 has a buffer overflow vulnerability. This occurs when a local attacker inputs an excessively long stringβ€”over 6000 bytesβ€”into the folder path input field labeled 'Folder with picture files'. This oversized input causes the application to crash.

The vulnerability allows attackers to trigger a denial of service condition by crashing the application through this crafted input.

Impact Analysis

This vulnerability can impact you by causing the PixGPS application to crash unexpectedly when an attacker supplies an oversized string to the folder path input field.

The primary impact is a denial of service (DoS), which means legitimate users may be unable to use the application while it is crashed.

Detection Guidance

This vulnerability involves a buffer overflow triggered by supplying an oversized string (exceeding 6000 bytes) to the 'Folder with picture files' input field in PixGPS 1.1.8. Detection would involve monitoring or testing the application for crashes or denial of service conditions when such input is provided.

Since the vulnerability is local and triggered by input to a specific field, detection on a network level is unlikely. On the system, one could attempt to reproduce the issue by running PixGPS 1.1.8 and inputting an oversized string (>6000 bytes) into the folder path field to see if the application crashes.

No specific commands or automated detection tools are provided in the available information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25277. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart