High severity8.4NVD Advisory· Published Mar 28, 2026· Updated Apr 2, 2026

CVE-2018-25224

Description

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.

Affected products

Kimtore/Practical Music Search
cpe:2.3:a:kimtore:practical_music_search:*:*:*:*:*:*:*:*
Range: <=0.42

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44426nvdExploitVDB Entry
www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-filenvdThird Party Advisory
pms.sourceforge.netnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000