← back
CVE-2018-25278

PicaJet FX 2.6.5 Denial of Service via Registration Fields

CVSS 6.9 MEDIUMEPSS 0.1%CWE-120
PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog to trigger an application crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Picajet · PicaJet FX
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45383unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/45383https://www.vulncheck.com/advisories/picajet-fx-denial-of-service-via-registration-fields