CVE-2019-25563

Summary

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash.

Affected Software

VendorProductVersion RangeStatus
UvncPCHelpWareV21.0.0.5affected

Weaknesses

  • CWE-226: Sensitive Information in Resource Not Removed Before Reuse

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References