{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25558", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-21T12:29:49.697Z", "datePublished": "2026-03-21T12:46:59.408Z", "dateUpdated": "2026-03-23T16:55:34.217Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:59.408Z"}, "title": "Selfie Studio 2.17 Denial of Service via Resize Image", "descriptions": [{"lang": "en", "value": "Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Pixarra", "product": "Selfie Studio", "versions": [{"version": "2.17", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46842", "name": "ExploitDB-46842", "tags": ["exploit"]}, {"url": "http://www.pixarra.com", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: Selfie Studio 2.17 Denial of Service via Resize Image", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/selfie-studio-denial-of-service-via-resize-image"}], "credits": [{"lang": "en", "value": "Alejandra S\u00e1nchez", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-05-14T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:53:19.207280Z", "id": "CVE-2019-25558", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:55:34.217Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25558", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:53:19.207280Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:54:08.180Z"}}], "cna": {"title": "Selfie Studio 2.17 Denial of Service via Resize Image", "credits": [{"lang": "en", "type": "finder", "value": "Alejandra S\u00e1nchez"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Pixarra", "product": "Selfie Studio", "versions": [{"status": "affected", "version": "2.17"}]}], "datePublic": "2019-05-14T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46842", "name": "ExploitDB-46842", "tags": ["exploit"]}, {"url": "http://www.pixarra.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/selfie-studio-denial-of-service-via-resize-image", "name": "VulnCheck Advisory: Selfie Studio 2.17 Denial of Service via Resize Image", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:59.408Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25558", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:55:34.217Z", "dateReserved": "2026-03-21T12:29:49.697Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-21T12:46:59.408Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pixarra:selfie_studio:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5984C83-EA40-46A0-AC5B-E285FE4F733D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application."}, {"lang": "es", "value": "Selfie Studio 2.17 contiene una vulnerabilidad de denegaci\u00f3n de servicio en la funci\u00f3n Redimensionar Imagen que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar un b\u00fafer excesivamente largo. Los atacantes pueden pegar una cadena de caracteres larga en el campo Nuevo Ancho o Nueva Altura para desencadenar un desbordamiento de b\u00fafer que bloquea la aplicaci\u00f3n."}], "id": "CVE-2019-25558", "lastModified": "2026-04-16T17:55:01.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-21T13:16:18.590", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.pixarra.com"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46842"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/selfie-studio-denial-of-service-via-resize-image"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.17"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Selfie Studio", "source": "cna", "vendor": "Pixarra"}, "product": "selfie_studio", "vendor": "pixarra"}], "analysis": {"en": {"generated_at": "2026-03-21T14:53:55.799708+00:00", "value": {"mitigation_remediation": ["Check Pixarra\u2019s website and install the latest available Selfie Studio update if one exists.", "If no update is available, sanitize or limit the input length for the Resize Image fields to prevent buffer overflows.", "Consider disabling or removing the Resize Image feature until a patch is issued."], "summary": {"action": "Patch Immediately", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Pixarra\u2019s Selfie Studio component is affected, specifically version 2.17. Only the local installation of the application is impacted; no remote or network component is involved.", "description_and_impact": "Selfie Studio 2.17 contains a buffer overflow within the Resize Image function that can be triggered by a local user supplying a very long string in the New Width or New Height field. The overflow crashes the application, resulting in a denial of service. The weakness is a classic buffer overflow identified as CWE\u2011787 and has no impact on confidentiality or integrity.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a medium severity vulnerability. EPSS data is not available and the issue is not listed in CISA\u2019s KEV catalog, suggesting it is not a known widely exploited flaw. Because the exploitation requires direct interaction with the Resize Image form, the attack vector is local. An attacker can cause a crash simply by entering a long string, but does not gain elevated privileges or system access. Overall risk is moderate due to the limited scope but the ease of exploitation warrants rapid action."}}}}, "created": "2026-03-23T09:49:22.233462+00:00", "updated": "2026-03-25T14:47:25.050407+00:00", "vendors": ["pixarra", "pixarra$PRODUCT$selfie_studio"]}