CVE-2018-25224

High CVSS: 8.6

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.

Vendor

Kimtore

Product

Practical Music Search

CWE

CWE-306

Yayın Tarihi

2026-03-28 12:16:03

Güncelleme

2026-04-02 19:07:35

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 Practical Music Search HIGH Kimtore 2026

Referanslar

https://pms.sourceforge.net https://www.exploit-db.com/exploits/44426 https://www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-file