CVE-2019-25625

EUVD-2019-19990
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VulnCheckCNA
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
pixarrablob_studio
2.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.pixarra.com/
http://www.pixarra.com/uploads/9/4/6/3/94635436/tbblobstudio_install.exe
https://www.exploit-db.com/exploits/46129
https://www.vulncheck.com/advisories/blob-studio-denial-of-service-via-malformed-input