Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
CVE-2018-25328: VX Search 10.6.18: Malicious Input Can Crash the Application
CVE-2018-25328
Summary
A vulnerability in VX Search 10.6.18 allows attackers to crash the application by sending a specially crafted input file. This could potentially allow an attacker to execute malicious code, but only if they have access to the application's local environment. To protect against this vulnerability, update to the latest version of VX Search.
Original title
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can cr...
Original description
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute arbitrary code with application privileges.
nvd CVSS3.1
8.4
nvd CVSS4.0
8.6
Vulnerability type
CWE-120
Classic Buffer Overflow
Published: 17 May 2026 · Updated: 24 May 2026 · First seen: 17 May 2026