← back
CVE-2018-25277

PixGPS 1.1.8 Buffer Overflow Denial of Service

CVSS 6.9 MEDIUMEPSS 0.1%CWE-120
PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Br-Software · PixGPS
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45381unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/45381https://www.vulncheck.com/advisories/pixgps-buffer-overflow-denial-of-servicehttp://www.br-software.com/pixgps11_setup.exe