CVE-2018-25224

HIGH

PMS 0.42 Stack-Based Buffer Overflow via Configuration File

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25224. PoCs published by Juan Sacco.

AI-analyzed exploit summary: This exploit demonstrates a stack-based buffer overflow in PMS 0.42, leveraging a ROP chain to execute '/bin/sh'. The payload is crafted to bypass NX by using return-oriented programming (ROP) gadgets to achieve arbitrary code execution.

Description

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.

Exploits (1)

exploitdb WORKING POC
by Juan Sacco · python · local · linux
https://www.exploit-db.com/exploits/44426


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PMS (Practical Music Search) 0.42
No auth needed
Prerequisites: PMS 0.42 installed on the target system · ability to write a malicious configuration file
devstral-2 · analyzed Apr 08, 2026

References (3)

Core References
Exploit: ExploitDB-44426
https://www.exploit-db.com/exploits/44426
Product: Official Product Homepage
https://pms.sourceforge.net
Third Party Advisory: VulnCheck Advisory: PMS 0.42 Stack-Based Buffer Overflow via Configuration File
https://www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-file

Scores

CVSS v3 8.4
EPSS 0.0019
EPSS Percentile 8.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-306
Status published
Products (2)
kimtore/practical_music_search < 0.42
pms/PMS 0.42
Published Mar 28, 2026
Tracked Since Mar 29, 2026