CVE-2018-25278
Received Received - Intake
Denial of Service via Oversized Input in PicaJet FX

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description
PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25278
EUVD
EUVD-2018-21798
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
picajet fx 2.6.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in PicaJet FX version 2.6.5 and is a denial of service issue. It allows local attackers to crash the application by submitting oversized input to the registration fields.

Specifically, an attacker can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog, which triggers the application to crash.

Impact Analysis

The impact of this vulnerability is a denial of service condition where the PicaJet FX application crashes when oversized input is submitted to its registration fields.

This can disrupt normal use of the application, potentially causing loss of availability and interrupting workflows that depend on PicaJet FX.

Detection Guidance

This vulnerability involves submitting an oversized input (a 6000-byte buffer) into the Registration Name and Registration Key fields of the PicaJet FX 2.6.5 application via the Help menu's Register PicaJet dialog to cause a crash.

Detection would involve monitoring for application crashes related to the Register PicaJet dialog or attempts to input unusually large data into the registration fields.

However, no specific commands or network detection methods are provided in the available information.

Mitigation Strategies

The vulnerability allows local attackers to crash the application by submitting oversized input to registration fields.

Immediate mitigation steps would include restricting local access to the application to trusted users only and avoiding the use of the Register PicaJet dialog until a patch or update is available.

No specific mitigation commands or patches are provided in the available information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25278. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart