CVE-2018-25294

HIGH

CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

Title source: cna

Description

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gionathan Reale · pythondoswindows_x86-64

https://www.exploit-db.com/exploits/45211

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/45211

[Product] https://cewe-photoworld.com/

[Product] https://cewe-photoworld.com/creator-software/windows-download

[Third Party Advisory] https://www.vulncheck.com/advisories/cewe-photoshow-buffer-overflow-denial-of-service

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

Cewe-Photoworld/CEWE Photoshow 6.3.4

Published Apr 26, 2026

Tracked Since Apr 26, 2026