CVE-2018-25284
Buffer Overflow in HD Tune Pro 5.70 Causes Local DoS
Publication date: 2026-04-26
Last updated on: 2026-04-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hd_tune | hd_tune_pro | 5.70 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
HD Tune Pro 5.70 contains a buffer overflow vulnerability that can be triggered by local attackers.
This happens when an attacker supplies an excessively long string (a 6000-byte payload) in the folder or file name field within the File > Options > Save dialog.
The vulnerability allows the attacker to crash the application by overflowing its buffer.
How can this vulnerability impact me? :
This vulnerability can cause a denial of service by crashing the HD Tune Pro application.
Since it requires local access and no privileges or user interaction, an attacker with local access can disrupt the availability of the application.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid supplying excessively long strings (such as a 6000-byte payload) in the folder/file name field within HD Tune Pro 5.70, especially in the File > Options > Save dialog.
Since the vulnerability requires local access and is triggered by user input, restricting access to the application and educating users to not input overly long folder/file names can help prevent exploitation.
Additionally, monitor for updates or patches from the vendor that address this buffer overflow vulnerability and apply them as soon as they become available.