CVE-2018-25291
Received Received - Intake

Buffer Overflow in Project64 Plugin Directory Causes Application Crash

Vulnerability report for CVE-2018-25291, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description

Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-07-06
AI Q&A
2026-04-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
project64 project64 2.3.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Project64 version 2.3.2 and is a buffer overflow issue located in the Plugin Directory settings field.

Local attackers can exploit this by entering an excessively long stringβ€”specifically a 6000-byte payloadβ€”into the Plugin Directory field via the Options > Settings > Directories interface.

When the settings are reopened, this causes the application to crash due to the buffer overflow.

Impact Analysis

The primary impact of this vulnerability is that an attacker with local access can cause the Project64 application to crash by exploiting the buffer overflow.

This results in a denial of service (DoS) condition, disrupting normal use of the application.

There is no indication from the provided information that this vulnerability allows for code execution or data compromise.

Detection Guidance

This vulnerability involves a buffer overflow in the Plugin Directory settings field of Project64 2.3.2, which can be triggered by supplying an excessively long string (up to 6000 bytes) through the Options > Settings > Directories interface.

Detection would involve checking the Plugin Directory field for unusually long input values that could cause the application to crash when settings are reopened.

Since this is a local application vulnerability and no network-based detection commands or signatures are provided, detection commands would be specific to inspecting the application settings or logs for crashes related to the Plugin Directory field.

No specific commands or network detection methods are available from the provided information.

Mitigation Strategies

To mitigate this vulnerability, avoid entering excessively long strings (such as 6000-byte payloads) into the Plugin Directory settings field in Project64 2.3.2.

Limit user input length in the Plugin Directory field to prevent buffer overflow conditions.

If possible, update to a version of Project64 that addresses this vulnerability once available.

Monitor the application for crashes related to the Plugin Directory settings and restrict access to the settings interface to trusted users only.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25291. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart