CVE-2018-25224

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://pms.sourceforge.net	Product
https://www.exploit-db.com/exploits/44426	Exploit VDB Entry
https://www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-file	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kimtore:practical_music_search:*:*:*:*:*:*:*:*

History

02 Apr 2026, 19:07

Type	Values Removed	Values Added
First Time		Kimtore Kimtore practical Music Search
References	~~() https://pms.sourceforge.net -~~	() https://pms.sourceforge.net - Product
References	~~() https://www.exploit-db.com/exploits/44426 -~~	() https://www.exploit-db.com/exploits/44426 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-file -~~	() https://www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-file - Third Party Advisory
Summary		(es) PMS 0.42 contiene una vulnerabilidad de desbordamiento de búfer basado en pila que permite a atacantes locales no autenticados ejecutar código arbitrario al proporcionar valores maliciosos en el archivo de configuración. Los atacantes pueden crear archivos de configuración con entradas de tamaño excesivo que desbordan el búfer de pila y ejecutar comandos de shell a través de gadgets de programación orientada a retorno.
CPE		cpe:2.3:a:kimtore:practical_music_search::::::::

28 Mar 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-28 12:16

Updated : 2026-04-02 19:07

NVD link : CVE-2018-25224

Mitre link : CVE-2018-25224

CVE.ORG link : CVE-2018-25224

JSON object : View

Products Affected

kimtore

practical_music_search

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2018-25224", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-28T12:16:03.370", "references": [{"url": "https://pms.sourceforge.net", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/44426", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-file", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets."}, {"lang": "es", "value": "PMS 0.42 contiene una vulnerabilidad de desbordamiento de b\u00fafer basado en pila que permite a atacantes locales no autenticados ejecutar c\u00f3digo arbitrario al proporcionar valores maliciosos en el archivo de configuraci\u00f3n. Los atacantes pueden crear archivos de configuraci\u00f3n con entradas de tama\u00f1o excesivo que desbordan el b\u00fafer de pila y ejecutar comandos de shell a trav\u00e9s de gadgets de programaci\u00f3n orientada a retorno."}], "lastModified": "2026-04-02T19:07:35.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kimtore:practical_music_search:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89922C89-7254-407D-83EF-0F427C9ADA54", "versionEndIncluding": "0.42"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}