CVE-2018-25273

MEDIUM

CrossFont 7.5 Denial of Service via License Key Field

Title source: cna

Description

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.

Exploits (1)

exploitdb WORKING POC

by Gionathan Reale · pythondoswindows_x86

https://www.exploit-db.com/exploits/45494

View Code ZIP pw:eip

References (2)

[Exploit] https://www.exploit-db.com/exploits/45494

[Third Party Advisory] https://www.vulncheck.com/advisories/crossfont-denial-of-service-via-license-key-field

Scores

CVSS v3 6.2

EPSS 0.0001

EPSS Percentile 2.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

Acutesystems/CrossFont 7.5

Published Apr 26, 2026

Tracked Since Apr 26, 2026