CVE-2018-25294
Received Received - Intake
Buffer Overflow in CEWE Photoshow 6.3.4 Causes DoS Crash

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25294
EUVD
EUVD-2018-21814
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cewe photoshow 6.3.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2018-25294 is a buffer overflow vulnerability found in CEWE Photoshow version 6.3.4. It occurs in the login dialog where attackers can submit oversized input, specifically by injecting 4000 bytes of data into the email address and password fields.

This overflow allows attackers to crash the application, causing a denial of service condition.

Impact Analysis

This vulnerability can impact you by allowing an attacker to crash the CEWE Photoshow application through a denial of service attack.

Since the vulnerability does not affect confidentiality or integrity, the main impact is availability, meaning the application can be made unavailable to legitimate users.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25294. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart