Description
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the license key input field of TransMac 12.2. An attacker can crash the application by entering an oversized string. The resulting denial of service is limited to the TransMac process; it does not elevate privileges or compromise the operating system.

Affected Systems

The vulnerability affects Acutesystems TransMac 12.2. No other products or versions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The EPSS score of <1% shows a low likelihood of exploitation, and the weakness is not currently listed in CISA’s KEV catalog. Attackers require local access to the system to supply the malicious string, so the attack vector is local and depends on the ability to run TransMac as a regular user.

Generated by OpenCVE AI on April 28, 2026 at 05:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of TransMac that contains the buffer‑overflow fix.
  • If an upgrade cannot be performed immediately, restrict execution of the TransMac binary to trusted administrator accounts only and disable any automatic launch or background services.
  • Monitor the application for unexpected crashes and consider running it inside a sandboxed or isolated environment until a formal patch is available.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Acutesystems, Acutesystems transmac |
| Vendors & Products | | Acutesystems, Acutesystems transmac |

Mon, 27 Apr 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Sun, 26 Apr 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition. |
| Title | | TransMac 12.2 Denial of Service via License Key Field |
| Weaknesses | | CWE-120 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |
| | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T16:52:51.410Z

Reserved: 2026-04-22T11:27:40.567Z

Link: CVE-2018-25264

Vulnrichment

Updated: 2026-04-27T16:52:37.422Z

NVD

Status: Deferred

Published: 2026-04-26T22:17:27.460

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25264

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T05:30:23Z

Weaknesses
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')