CVE-2018-25294

HIGH EPSS 30.5%

Published Apr 26, 20262mo ago · Modified Jun 17, 20261w ago

8.7 CVSS 4.0

High

Published Apr 26, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

CVSS Details

Base Score

8.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

30.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-120

References 4

cewe-photoworld.com https://cewe-photoworld.com/
cewe-photoworld.com https://cewe-photoworld.com/creator-software/windows-download
exploit-db.com https://www.exploit-db.com/exploits/45211
vulncheck.com https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.