CVE-2018-25291
Buffer Overflow in Project64 Plugin Directory Causes Application Crash
Publication date: 2026-04-26
Last updated on: 2026-04-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| project64 | project64 | 2.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a buffer overflow in the Plugin Directory settings field of Project64 2.3.2, which can be triggered by supplying an excessively long string (up to 6000 bytes) through the Options > Settings > Directories interface.
Detection would involve checking the Plugin Directory field for unusually long input values that could cause the application to crash when settings are reopened.
Since this is a local application vulnerability and no network-based detection commands or signatures are provided, detection commands would be specific to inspecting the application settings or logs for crashes related to the Plugin Directory field.
No specific commands or network detection methods are available from the provided information.
Can you explain this vulnerability to me?
This vulnerability exists in Project64 version 2.3.2 and is a buffer overflow issue located in the Plugin Directory settings field.
Local attackers can exploit this by entering an excessively long stringβspecifically a 6000-byte payloadβinto the Plugin Directory field via the Options > Settings > Directories interface.
When the settings are reopened, this causes the application to crash due to the buffer overflow.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that an attacker with local access can cause the Project64 application to crash by exploiting the buffer overflow.
This results in a denial of service (DoS) condition, disrupting normal use of the application.
There is no indication from the provided information that this vulnerability allows for code execution or data compromise.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid entering excessively long strings (such as 6000-byte payloads) into the Plugin Directory settings field in Project64 2.3.2.
Limit user input length in the Plugin Directory field to prevent buffer overflow conditions.
If possible, update to a version of Project64 that addresses this vulnerability once available.
Monitor the application for crashes related to the Plugin Directory settings and restrict access to the settings interface to trusted users only.