{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25279", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-26T13:01:36.569Z", "datePublished": "2026-04-26T13:19:08.952Z", "dateUpdated": "2026-04-27T14:05:39.944Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-26T13:19:08.952Z"}, "datePublic": "2018-09-10T00:00:00.000Z", "title": "jiNa OCR Image to Text 1.0 Denial of Service via PNG", "descriptions": [{"lang": "en", "value": "jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Memory Allocation with Excessive Size Value", "cweId": "CWE-789", "type": "CWE"}]}], "affected": [{"vendor": "Convertimagetotext", "product": "jiNa OCR Image to Text", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45380", "name": "ExploitDB-45380", "tags": ["exploit"]}, {"url": "http://www.convertimagetotext.net/downloadsoftware.php", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: jiNa OCR Image to Text 1.0 Denial of Service via PNG", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/jina-ocr-image-to-text-denial-of-service-via-png"}], "credits": [{"lang": "en", "value": "Gionathan \"John\" Reale", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T14:05:14.808882Z", "id": "CVE-2018-25279", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T14:05:39.944Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25279", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T14:05:14.808882Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T14:05:24.143Z"}}], "cna": {"title": "jiNa OCR Image to Text 1.0 Denial of Service via PNG", "credits": [{"lang": "en", "type": "finder", "value": "Gionathan \"John\" Reale"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Convertimagetotext", "product": "jiNa OCR Image to Text", "versions": [{"status": "affected", "version": "1.0"}]}], "datePublic": "2018-09-10T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45380", "name": "ExploitDB-45380", "tags": ["exploit"]}, {"url": "http://www.convertimagetotext.net/downloadsoftware.php", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/jina-ocr-image-to-text-denial-of-service-via-png", "name": "VulnCheck Advisory: jiNa OCR Image to Text 1.0 Denial of Service via PNG", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-26T13:19:08.952Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25279", "state": "PUBLISHED", "dateUpdated": "2026-04-27T14:05:39.944Z", "dateReserved": "2026-04-26T13:01:36.569Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-26T13:19:08.952Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF."}], "id": "CVE-2018-25279", "lastModified": "2026-04-27T18:55:32.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-26T22:17:28.547", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.convertimagetotext.net/downloadsoftware.php"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/45380"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/jina-ocr-image-to-text-denial-of-service-via-png"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "jiNa OCR Image to Text", "source": "cna", "vendor": "Convertimagetotext"}, "product": "jina_ocr_image_to_text", "vendor": "convertimagetotext"}], "analysis": {"en": {"generated_at": "2026-04-28T13:22:58.496241+00:00", "value": {"mitigation_remediation": ["Install the latest version of jiNa OCR Image to Text if a patch is available from Convertimagetotext.", "Limit access to the application so that only trusted users can run it and provide image files.", "Validate or sanitise PNG files before they reach the OCR process, rejecting files that exceed reasonable size limits."], "summary": {"action": "Apply Update", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the jiNa OCR Image to Text application compiled in version 1.0, as distributed by Convertimagetotext. No other versions or product lines are referenced in the advisory.", "description_and_impact": "A local attacker can induce a denial of service by creating a specially crafted PNG file with an oversized buffer. When the jiNa OCR Image to Text 1.0 application attempts to convert this file to PDF, the buffer overflow causes the program to crash, resulting in an outage. The weakness is an Out\u2011of\u2011Bounds Buffer Access, classified as CWE\u2011789.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate impact. The EPSS score is listed as less than 1%, suggesting that exploitation is very unlikely in the wild. The vulnerability is not included in the CISA KEV catalog. Attackers must have local access to the system running the application; remote exploitation is not described in the data. There are no publicly known exploits beyond the exploit\u2011db reference, so the attack path requires an attacker with a foothold on the machine to supply the malformed PNG."}}}}, "created": "2026-04-27T19:52:19.630007+00:00", "updated": "2026-04-28T13:30:32.091233+00:00", "vendors": ["convertimagetotext", "convertimagetotext$PRODUCT$jina_ocr_image_to_text"]}