CVE-2019-25567

Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input string. Attackers can trigger the vulnerability by pasting a crafted buffer exceeding 264 bytes into the Host field during server connection attempts, causing a denial of service.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://valentina-db.com/en/	Product
https://www.exploit-db.com/exploits/46439	Exploit VDB Entry
https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudio_x64_lin-deb?format=raw	Broken Link
https://www.vulncheck.com/advisories/valentina-studio-linux-buffer-overflow-via-host-field	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:valentina-db:studio:9.0.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*

History

16 Apr 2026, 18:12

Type	Values Removed	Values Added
References	~~() https://valentina-db.com/en/ -~~	() https://valentina-db.com/en/ - Product
References	~~() https://www.exploit-db.com/exploits/46439 -~~	() https://www.exploit-db.com/exploits/46439 - Exploit, VDB Entry
References	~~() https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudio_x64_lin-deb?format=raw -~~	() https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudio_x64_lin-deb?format=raw - Broken Link
References	~~() https://www.vulncheck.com/advisories/valentina-studio-linux-buffer-overflow-via-host-field -~~	() https://www.vulncheck.com/advisories/valentina-studio-linux-buffer-overflow-via-host-field - Third Party Advisory
Summary		(es) Valentina Studio 9.0.5 Linux contiene una vulnerabilidad de desbordamiento de búfer en el campo Host del diálogo de conexión que permite a atacantes locales bloquear la aplicación al proporcionar una cadena de entrada sobredimensionada. Los atacantes pueden activar la vulnerabilidad al pegar un búfer manipulado que exceda los 264 bytes en el campo Host durante los intentos de conexión al servidor, causando una denegación de servicio.
CPE		cpe:2.3:a:valentina-db:studio:9.0.5:::::::* cpe:2.3:o:linux:linux_kernel:-::::::x64:
First Time		Linux Valentina-db Linux linux Kernel Valentina-db studio

21 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-21 13:16

Updated : 2026-04-16 18:12

NVD link : CVE-2019-25567

Mitre link : CVE-2019-25567

CVE.ORG link : CVE-2019-25567

JSON object : View

Products Affected

valentina-db

studio

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

6.2 /10