CVE-2018-25378
Deferred Deferred - Pending Action

Denial of Service in Notebook Pro 2.0 via Long Notebook Name

Vulnerability report for CVE-2018-25378, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: VulnCheck

Description

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Notebook Name field, and trigger an application crash when attempting to create and save the notebook.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-07-06
AI Q&A
2026-05-26
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Notebook Pro 2.0 and is a denial of service issue. It allows local attackers to crash the application by entering an excessively long string in the notebook name field.

An attacker can create a malicious text file containing 500 or more characters, then paste this content into the New Notebook Name field. When the attacker attempts to create and save the notebook with this long name, the application crashes.

Impact Analysis

This vulnerability can cause the Notebook Pro 2.0 application to crash, resulting in a denial of service. This means legitimate users may be unable to use the application while it is crashed.

Since the attack requires local access, an attacker with local access can disrupt normal operations by triggering the crash.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25378. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart