How severe is CVE-2018-4038?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-4038?

This is classified as CWE-131, which is a common weakness in software security.

CVE-2018-4038 - HIGH Severity | CVSS 8.8

Vulnerability Description

An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.

Related Vulnerabilities

CVE-2005-0490

HIGH

CVSS:8.8(High)

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the i...

CWE-1312005

CVE-2021-3491

HIGH

CVSS:8.8(High)

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem...

CWE-1312021

CVE-2023-50736

CRITICAL

CVSS:9.0(Critical)

A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

CWE-1312023

CVE-2024-45287

CRITICAL

CVSS:9.1(Critical)

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.

CWE-1312024

CVE-2021-35134

HIGH

CVSS:8.4(High)

Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon ...

CWE-1312021

CVE-2025-46688

HIGH

CVSS:8.4(High)

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

CWE-1312025