{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25657", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-05T12:42:44.717Z", "datePublished": "2026-04-05T20:45:13.240Z", "dateUpdated": "2026-04-06T15:28:00.247Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-05T20:45:13.240Z"}, "datePublic": "2019-01-30T00:00:00.000Z", "title": "AnyBurn 4.3 x86 Denial of Service via Image Conversion", "descriptions": [{"lang": "en", "value": "AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to trigger a crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Sensitive Information in Resource Not Removed Before Reuse", "cweId": "CWE-226", "type": "CWE"}]}], "affected": [{"vendor": "Anyburn", "product": "AnyBurn x86", "versions": [{"version": "4.3 (32-bit)", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46289", "name": "ExploitDB-46289", "tags": ["exploit"]}, {"url": "http://www.anyburn.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: AnyBurn 4.3 x86 Denial of Service via Image Conversion", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/anyburn-x86-denial-of-service-via-image-conversion"}], "credits": [{"lang": "en", "value": "Dino Covotsos - Telspace Systems", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:08:19.399136Z", "id": "CVE-2019-25657", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:28:00.247Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "AnyBurn 4.3 x86 Denial of Service via Image Conversion", "credits": [{"lang": "en", "type": "finder", "value": "Dino Covotsos - Telspace Systems"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Anyburn", "product": "AnyBurn x86", "versions": [{"status": "affected", "version": "4.3 (32-bit)"}]}], "datePublic": "2019-01-30T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46289", "name": "ExploitDB-46289", "tags": ["exploit"]}, {"url": "http://www.anyburn.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/anyburn-x86-denial-of-service-via-image-conversion", "name": "VulnCheck Advisory: AnyBurn 4.3 x86 Denial of Service via Image Conversion", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to trigger a crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-226", "description": "Sensitive Information in Resource Not Removed Before Reuse"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-05T20:45:13.240Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25657", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T15:08:19.399136Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-06T15:08:20.428Z"}}]}, "cveMetadata": {"cveId": "CVE-2019-25657", "state": "PUBLISHED", "dateUpdated": "2026-04-05T20:45:13.240Z", "dateReserved": "2026-04-05T12:42:44.717Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-05T20:45:13.240Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anyburn:anyburn:*:*:*:*:*:*:x86:*", "matchCriteriaId": "052A748F-F90F-46D6-9B5E-D90991420260", "versionEndIncluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to trigger a crash."}], "id": "CVE-2019-25657", "lastModified": "2026-04-20T18:28:20.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-05T21:16:42.350", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.anyburn.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46289"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/anyburn-x86-denial-of-service-via-image-conversion"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-226"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.3 (32-bit)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AnyBurn x86", "source": "cna", "vendor": "Anyburn"}, "product": "anyburn_x86", "vendor": "anyburn"}], "analysis": {"en": {"generated_at": "2026-04-05T23:29:02.022429+00:00", "value": {"mitigation_remediation": ["Check for an updated version of AnyBurn that addresses this crash and install it immediately.", "If no update is available, restrict the use of the image conversion feature to trusted or administrative users only.", "Configure the application to disable or remove the conversion functionality if it is not required for day\u2011to\u2011day operations.", "Monitor system logs for abrupt termination events from AnyBurn and investigate suspicious activity.", "Apply general system hardening, such as limiting local user privileges, to reduce the window of opportunity for local exploit attempts."], "summary": {"action": "Update", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the AnyBurn software, version 4.3, running on x86 platforms. No other product versions or operating systems are mentioned, and there is no additional vendor entanglement beyond the AnyBurn developer.\n", "description_and_impact": "AnyBurn 4.3 x86 includes a flaw in its image conversion routine that lets a local user supply an oversized string to either the source or destination image field, causing the program to crash when the conversion is executed. This denial of service can result in unplanned downtime and loss of service availability for the application, affecting any user who triggers an in\u2011process crash. The weakness is captured as CWE\u2011226, buffer over-read leading to an application termination. No compromise of confidentiality or integrity is expected because the vulnerability requires local interaction and merely stops the service. The impact is confined to the specific instance of AnyBurn running on the affected environment.", "risk_and_exploitability": "The severity is moderate with a CVSS score of 6.8, indicating that the flaw can be actively used by a local attacker. No EPSS data is provided, and the issue is not listed in the CISA KEV catalog. Because the attacker must have local access and must exercise the conversion feature with crafted input, the attack vector is inferred as local. The crash termination is deterministic when the buffer overflow occurs, and the exploit path is straightforward \u2013 providing a long string to the conversion dialog and pressing Convert Now. This simplicity increases the likelihood that skilled users could reproduce the crash, but the overall probability of widespread exploitation remains uncertain without a known exploit in the wild.\n"}}}}, "created": "2026-04-06T20:22:59.894757+00:00", "updated": "2026-04-06T21:56:20.408241+00:00", "vendors": ["anyburn", "anyburn$PRODUCT$anyburn_x86"]}