CVE-2019-25621

Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or terminate abnormally.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.pixarra.com/	Product
http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudio_install.exe	Product
https://www.exploit-db.com/exploits/46127	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/pixel-studio-denial-of-service-via-malformed-input	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pixarra:pixel_studio:2.17:*:*:*:*:*:*:*

History

24 Mar 2026, 14:22

Type	Values Removed	Values Added
First Time		Pixarra Pixarra pixel Studio
References	~~() http://www.pixarra.com/ -~~	() http://www.pixarra.com/ - Product
References	~~() http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudio_install.exe -~~	() http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudio_install.exe - Product
References	~~() https://www.exploit-db.com/exploits/46127 -~~	() https://www.exploit-db.com/exploits/46127 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/pixel-studio-denial-of-service-via-malformed-input -~~	() https://www.vulncheck.com/advisories/pixel-studio-denial-of-service-via-malformed-input - Third Party Advisory
CPE		cpe:2.3:a:pixarra:pixel_studio:2.17:::::::*

23 Mar 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-23 14:16

Updated : 2026-03-24 14:22

NVD link : CVE-2019-25621

Mitre link : CVE-2019-25621

CVE.ORG link : CVE-2019-25621

JSON object : View

Products Affected

pixarra

pixel_studio

CWE

CWE-807

Reliance on Untrusted Inputs in a Security Decision

{"id": "CVE-2019-25621", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-23T14:16:26.283", "references": [{"url": "http://www.pixarra.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudio_install.exe", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46127", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/pixel-studio-denial-of-service-via-malformed-input", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-807"}]}], "descriptions": [{"lang": "en", "value": "Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or terminate abnormally."}], "lastModified": "2026-03-24T14:22:37.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pixarra:pixel_studio:2.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC195E2E-6E1A-41D3-A4CE-B1FB33768194"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}