Description
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Upgrade
AI Analysis

Impact

StyleWriter 1.0 contains a buffer overflow that can be triggered by supplying an excessively long string in the Pattern to Find or Advice Message fields. When a local attacker pastes a 6000‑byte payload into these fields, the application crashes, resulting in a denial of service. The flaw is a classic stack-based overflow (CWE‑120).

Affected Systems

Editorsoftware StyleWriter 1.0 on any operating system where users can access the Add Pattern dialog is affected. No specific OS, version, or configuration limitations are provided in the advisory.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity vulnerability. The EPSS score of less than 1% shows a very low probability of exploitation in the wild. It is not listed in CISA KEV, and only local users can trigger the crash. To exploit the flaw an attacker must have local access to the machine running StyleWriter and manually enter a long string in the vulnerable fields.

Generated by OpenCVE AI on April 28, 2026 at 05:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update StyleWriter to a version that contains the buffer‑overflow fix if one is available from Editorsoftware.
  • If an update is not yet released, restrict local user access to the application or run it under an account with least privilege to reduce the impact of a crash.
  • In the meantime, advise users not to paste unusually long strings into the Pattern to Find or Advice Message fields; if a crash occurs, troubleshoot or force‑quit the application.

Generated by OpenCVE AI on April 28, 2026 at 05:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Editorsoftware
Editorsoftware stylewriter
Vendors & Products Editorsoftware
Editorsoftware stylewriter

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition.
Title StyleWriter 1.0 Denial of Service via Pattern Input
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Editorsoftware Stylewriter
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T14:06:22.237Z

Reserved: 2026-04-26T13:08:12.758Z

Link: CVE-2018-25288

cve-icon Vulnrichment

Updated: 2026-04-27T14:06:07.555Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:29.900

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25288

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T05:15:22Z

Weaknesses