CVE-2018-25277

MEDIUM

PixGPS 1.1.8 Buffer Overflow Denial of Service

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25277. PoCs published by Gionathan Reale.

AI-analyzed exploit summary This Python script generates a buffer overflow payload (6000 'A' characters) to trigger a DoS in PixGPS 1.1.8 by pasting the content into the 'Folder with picture files' field. The exploit is straightforward and relies on a simple buffer overflow to crash the application.

Description

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Gionathan Reale · pythondoswindows_x86
https://www.exploit-db.com/exploits/45381

This Python script generates a buffer overflow payload (6000 'A' characters) to trigger a DoS in PixGPS 1.1.8 by pasting the content into the 'Folder with picture files' field. The exploit is straightforward and relies on a simple buffer overflow to crash the application.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: PixGPS 1.1.8
No auth needed
Prerequisites: PixGPS 1.1.8 installed on Windows 7 32-bit · ability to paste content into the application's input field
devstral-2 · analyzed Apr 26, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-45381
https://www.exploit-db.com/exploits/45381
Product product
Product Reference
http://www.br-software.com/pixgps11_setup.exe
Third Party Advisory third-party-advisory
VulnCheck Advisory: PixGPS 1.1.8 Buffer Overflow Denial of Service
https://www.vulncheck.com/advisories/pixgps-buffer-overflow-denial-of-service

Scores

CVSS v3 6.2
EPSS 0.0014
EPSS Percentile 3.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (1)
Br-Software/PixGPS 1.1.8
Published Apr 26, 2026
Tracked Since Apr 26, 2026