CVE-2019-25625

Summary

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.

Affected Software

VendorProductVersion RangeStatus
PixarraBlob Studio2.17affected

Weaknesses

  • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References