Description
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Easy PhotoResQ 1.0 contains a buffer overflow that can be triggered by local users who supply an excessively long string in the Folder/filename field of the File Options dialog. The overflow occurs when a 6000‑byte payload is entered, causing the application to crash and preventing further use. This flaw is classified as CWE‑120 and results in a denial of service local to the affected workstation.

Affected Systems

The vulnerability is limited to Hdtune’s Easy PhotoResQ application, specifically version 1.0. Any installation of this product exposed to local users is susceptible. No other vendors or product versions are documented as affected.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity, while the EPSS score of less than 1% reflects a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access and user interaction to supply the malicious filename; it does not raise privileges or allow remote compromise. Consequently, the impact is confined to the availability of the application on an individual machine, but a crashed instance could disrupt workflows or user experience if the tool is mission‑critical.

Generated by OpenCVE AI on April 28, 2026 at 05:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch or upgrade to a newer version of Easy PhotoResQ that resolves the buffer overflow
  • If an update is unavailable, restrict the execution of Easy PhotoResQ to trusted users and disable or remove the File Options dialog that accepts user‑supplied filenames
  • Monitor application logs for attempts to crash the program by unusually long filenames and investigate any such events
  • Check the vendor’s website regularly for new releases or advisories addressing this flaw

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hdtune; Hdtune easy Photoresq
Vendors & Products | | Hdtune; Hdtune easy Photoresq

Mon, 27 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 26 Apr 2026 13:30:00 +0000

Type | Values Removed | Values Added
Description | | Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition.
Title | | Easy PhotoResQ 1.0 Buffer Overflow Denial of Service
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T13:31:06.206Z

Reserved: 2026-04-26T13:07:51.179Z

Link: CVE-2018-25286

Vulnrichment

Updated: 2026-04-27T13:09:29.871Z

NVD

Status: Deferred

Published: 2026-04-26T22:17:29.607

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25286

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T05:15:22Z
