Description
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition.
Published: 2026-03-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

AnyBurn 4.3 has a local buffer overflow in the image file name field of the 'Copy disk to Image' operation. The flaw allows a local attacker to supply an excessively long string – e.g., a 10000-byte payload – that overflows a buffer and causes the application to crash. This leads to a denial of service and is classified as CWE-787.

Affected Systems

The affected product is AnyBurn version 4.3 from AnyBurn. No other versions are listed as vulnerable.

Risk and Exploitability

The CVSS score is 6.9 and the EPSS probability is below 1%. The vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. A local attacker who can control the Image file name field can exploit the buffer overflow by executing the operation within the program. The impact is confined to the application, but repeated crashes may affect availability of the user's media processing workflow.

Generated by OpenCVE AI on March 27, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest AnyBurn release that addresses the buffer overflow.

Generated by OpenCVE AI on March 27, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Powersoftware
Powersoftware anyburn
CPEs cpe:2.3:a:powersoftware:anyburn:4.3:*:*:*:*:*:*:*
Vendors & Products Powersoftware
Powersoftware anyburn

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Anyburn
Anyburn anyburn
Vendors & Products Anyburn
Anyburn anyburn

Thu, 26 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition.
Title AnyBurn 4.3 Denial of Service Local Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Anyburn Anyburn
Powersoftware Anyburn
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T18:33:16.849Z

Reserved: 2026-03-26T13:17:00.377Z

Link: CVE-2018-25216

cve-icon Vulnrichment

Updated: 2026-03-26T18:33:12.667Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T14:16:05.507

Modified: 2026-03-27T18:17:14.090

Link: CVE-2018-25216

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:26:11Z

Weaknesses