CVE-2019-25657

Summary

AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to trigger a crash.

Affected Software

VendorProductVersion RangeStatus
AnyburnAnyBurn x864.3 (32-bit)affected

Weaknesses

  • CWE-226: Sensitive Information in Resource Not Removed Before Reuse

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References