CVE-2018-25198 MEDIUM

CVE-2018-25198: eToolz 3.4.8.0 Denial of Service via Buffer Overflow

Vendor Gaijin

Product eToolz

Weakness CWE-787

Published March 6, 2026

Last update March 9, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application.

Key dates

02Disclosure timeline

March 6, 2026 CVE published

March 9, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-25198 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

04Related CVE

CVE-2022-28826 Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2024-30297 When Adobe Animate parses FLA files, there is a heap out-of-bounds write vulnerability at Animate.exe+0x125D391 CVE-2025-6659 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2021-37404 Heap buffer overflow in libhdfs native library CVE-2024-4976 Out-of-bounds array write in Xpdf 4.05 due to missing object type check