{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25625", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-23T13:46:33.423Z", "datePublished": "2026-03-23T13:48:40.449Z", "dateUpdated": "2026-03-23T15:58:10.717Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-23T13:48:40.449Z"}, "datePublic": "2019-01-11T00:00:00.000Z", "title": "Blob Studio 2.17 Denial of Service via Malformed Input", "descriptions": [{"lang": "en", "value": "Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Validation of Specified Index, Position, or Offset in Input", "cweId": "CWE-1285", "type": "CWE"}]}], "affected": [{"vendor": "Pixarra", "product": "Blob Studio", "versions": [{"version": "2.17", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46129", "name": "ExploitDB-46129", "tags": ["exploit"]}, {"url": "http://www.pixarra.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.pixarra.com/uploads/9/4/6/3/94635436/tbblobstudio_install.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Blob Studio 2.17 Denial of Service via Malformed Input", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/blob-studio-denial-of-service-via-malformed-input"}], "credits": [{"lang": "en", "value": "Ihsan Sencan", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:58:00.236591Z", "id": "CVE-2019-25625", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:58:10.717Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25625", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T15:58:00.236591Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:58:06.480Z"}}], "cna": {"title": "Blob Studio 2.17 Denial of Service via Malformed Input", "credits": [{"lang": "en", "type": "finder", "value": "Ihsan Sencan"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Pixarra", "product": "Blob Studio", "versions": [{"status": "affected", "version": "2.17"}]}], "datePublic": "2019-01-11T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46129", "name": "ExploitDB-46129", "tags": ["exploit"]}, {"url": "http://www.pixarra.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.pixarra.com/uploads/9/4/6/3/94635436/tbblobstudio_install.exe", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/blob-studio-denial-of-service-via-malformed-input", "name": "VulnCheck Advisory: Blob Studio 2.17 Denial of Service via Malformed Input", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1285", "description": "Improper Validation of Specified Index, Position, or Offset in Input"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-23T13:48:40.449Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25625", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:58:10.717Z", "dateReserved": "2026-03-23T13:46:33.423Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-23T13:48:40.449Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pixarra:blob_studio:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "D5DD1FBF-57B5-495F-983C-A57FE145C933", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive."}], "id": "CVE-2019-25625", "lastModified": "2026-03-24T14:17:17.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-23T14:16:27.033", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.pixarra.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.pixarra.com/uploads/9/4/6/3/94635436/tbblobstudio_install.exe"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory", "VDB Entry", "Exploit"], "url": "https://www.exploit-db.com/exploits/46129"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/blob-studio-denial-of-service-via-malformed-input"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1285"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.17"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Blob Studio", "source": "cna", "vendor": "Pixarra"}, "product": "blob_studio", "vendor": "pixarra"}], "analysis": {"en": {"generated_at": "2026-03-24T15:24:59.566914+00:00", "value": {"mitigation_remediation": ["Apply the latest Pixarra Blob Studio update if available; if no patch exists, keep monitoring vendor announcements.", "Restrict local user access to the application or run it in a sandboxed environment to prevent untrusted input.", "Disable or remove the key entry feature if the functionality is not essential for the installation.", "Monitor application logs for unexpected crashes or unresponsiveness to detect attempted exploitation."], "summary": {"action": "Monitor", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of Pixarra Blob Studio version 2.17 on any operating system that allows local users to launch and interact with the program. No patch or fixed version is listed in the data, and no workaround is supplied. Attackers must have local access or be able to supply the key entry input file.", "description_and_impact": "The vulnerability is a denial\u2011of\u2011service flaw in Pixarra Blob Studio 2.17. A malicious user can exploit malformed input offered through the key entry mechanism to crash the application. Local attackers can create a text file containing a large payload of repeated characters and trigger the application to read it, leading to an unresponsive or crashed instance. This weakens availability and can disrupt user productivity. The weakness aligns with CWE\u20111285, which documents DoS via large input buffers.", "risk_and_exploitability": "The CVSS base score of 6.9 indicates high severity for a local denial\u2011of\u2011service. The EPSS score below 1% suggests a low probability of current exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog, implying no known widespread exploit. Because the exploit requires local input, it is mainly a threat in shared workstations or environments where untrusted users may run the application. Employing the vendor\u2019s update or restricting local use mitigates the risk."}}}}, "created": "2026-03-24T10:33:53.812755+00:00", "updated": "2026-03-25T21:28:10.471798+00:00", "vendors": ["pixarra", "pixarra$PRODUCT$blob_studio"]}