CVE-2018-25291
Received Received - Intake
Buffer Overflow in Project64 Plugin Directory Causes Application Crash

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25291
EUVD
EUVD-2018-21811
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
project64 project64 2.3.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Project64 version 2.3.2 and is a buffer overflow issue located in the Plugin Directory settings field.

Local attackers can exploit this by entering an excessively long stringβ€”specifically a 6000-byte payloadβ€”into the Plugin Directory field via the Options > Settings > Directories interface.

When the settings are reopened, this causes the application to crash due to the buffer overflow.

Impact Analysis

The primary impact of this vulnerability is that an attacker with local access can cause the Project64 application to crash by exploiting the buffer overflow.

This results in a denial of service (DoS) condition, disrupting normal use of the application.

There is no indication from the provided information that this vulnerability allows for code execution or data compromise.

Detection Guidance

This vulnerability involves a buffer overflow in the Plugin Directory settings field of Project64 2.3.2, which can be triggered by supplying an excessively long string (up to 6000 bytes) through the Options > Settings > Directories interface.

Detection would involve checking the Plugin Directory field for unusually long input values that could cause the application to crash when settings are reopened.

Since this is a local application vulnerability and no network-based detection commands or signatures are provided, detection commands would be specific to inspecting the application settings or logs for crashes related to the Plugin Directory field.

No specific commands or network detection methods are available from the provided information.

Mitigation Strategies

To mitigate this vulnerability, avoid entering excessively long strings (such as 6000-byte payloads) into the Plugin Directory settings field in Project64 2.3.2.

Limit user input length in the Plugin Directory field to prevent buffer overflow conditions.

If possible, update to a version of Project64 that addresses this vulnerability once available.

Monitor the application for crashes related to the Plugin Directory settings and restrict access to the settings interface to trusted users only.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25291. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart