CVE-2018-25273

MEDIUM

CrossFont 7.5 Denial of Service via License Key Field

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25273. PoCs published by Gionathan Reale.

AI-analyzed exploit summary This Python script generates a 4000-byte buffer overflow payload to trigger a DoS in CrossFont 7.5 by pasting the payload into the 'License Key/Code' field. The exploit is straightforward and relies on a simple buffer overflow to crash the application.

Description

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.

Exploits (1)

exploitdb WORKING POC
by Gionathan Reale · pythondoswindows_x86
https://www.exploit-db.com/exploits/45494

This Python script generates a 4000-byte buffer overflow payload to trigger a DoS in CrossFont 7.5 by pasting the payload into the 'License Key/Code' field. The exploit is straightforward and relies on a simple buffer overflow to crash the application.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CrossFont 7.5
No auth needed
Prerequisites: CrossFont 7.5 installed on Windows 7 32-bit · ability to paste payload into the 'License Key/Code' field
devstral-2 · analyzed Apr 26, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit exploit
ExploitDB-45494
https://www.exploit-db.com/exploits/45494
Third Party Advisory third-party-advisory
VulnCheck Advisory: CrossFont 7.5 Denial of Service via License Key Field
https://www.vulncheck.com/advisories/crossfont-denial-of-service-via-license-key-field

Scores

CVSS v3 6.2
EPSS 0.0013
EPSS Percentile 2.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (1)
Acutesystems/CrossFont 7.5
Published Apr 26, 2026
Tracked Since Apr 26, 2026