Skip to content
CVSS 7.5 · HIGH

CVE-2018-25294

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

View on NVD

Analysis

This vulnerability affects CEWE Photoshow, a specific desktop application for photo products. The bug is a buffer overflow that results in a denial of service crash, which is not relevant to the MexicoDev community of web and backend developers.

Severity

Score: 7.5(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: NONE
A: HIGH
Weakness (CWE): CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0005 (0.1%)
Percentile: 16.7%
EPSS: 2026-05-06

Technical description

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

Published: 4/26/2026, 10:17:30 PM
Last modified: 4/27/2026, 6:53:00 PM

References

HomeEventsBlogResourcesTeam