CVE-2018-25224

HIGH

PMS 0.42 Stack-Based Buffer Overflow via Configuration File

Title source: cna

Description

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.

Exploits (1)

exploitdb WORKING POC
by Juan Sacco · python · local · linux
https://www.exploit-db.com/exploits/44426

Scores

CVSS v3 8.4
EPSS 0.0003
EPSS Percentile 9.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-306
Status published
Products (2)
kimtore/practical_music_search < 0.42
pms/PMS 0.42
Published Mar 28, 2026
Tracked Since Mar 29, 2026