Buffer Overflow Vulnerability in CrossFont 7.5 by Mikołaj Szymanski
CVE-2018-25273

6.9MEDIUM

Key Information:

Vendor: Acutesystems
Status: Crossfont
Vendor: CVE Published:; 26 April 2026

🔔 Create Acutesystems Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-25273?

CrossFont 7.5 is vulnerable to a buffer overflow issue due to inadequate input validation in the License Key field. Local attackers can exploit this vulnerability by crafting a malicious file containing an oversized payload of 4000 bytes, which when submitted, results in an application crash. This can lead to disruptions in service and potential denial of operations for users. Proper input handling and validation are essential to mitigate this security risk.

Affected Version(s)

CrossFont 7.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-25273 - Proof of Concept

References

https://www.exploit-db.com/exploits/45494

exploit

https://www.vulncheck.com/advisories/crossfont-denial-of-...

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 26, 2026
👾
Exploit known to exist
Apr 26, 2026
Vulnerability published
Apr 26, 2026
Vulnerability Reserved
Apr 26, 2026

Credit

Gionathan "John" Reale

CVE-2018-25273 Data

JSON