CVSS 7.5 · HIGH

CVE-2018-25294

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

View on NVD

Analysis

This vulnerability affects CEWE Photoshow, a specific desktop application for photo products. The bug is a buffer overflow that results in a denial of service crash, which is not relevant to the MexicoDev community of web and backend developers.

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: NONE
A: HIGH
Weakness type (CWE): CWE-120

EPSS

Exploitation probability (next 30 days): 0.0005 (0.1%)
Percentile: 16.7%
EPSS: 2026-05-06

Technical description

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

Published: 26/4/2026, 22:17:30
Last modified: 27/4/2026, 18:53:00
