← back
CVE-2018-25273

CrossFont 7.5 Denial of Service via License Key Field

CVSS 6.9 MEDIUMEPSS 0.1%CWE-120
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Acutesystems · CrossFont
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45494unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/45494https://www.vulncheck.com/advisories/crossfont-denial-of-service-via-license-key-field