CVE-2019-25623

Luminance Studio 2.17 Denial of Service via Malformed Input

CVSS 6.9 MEDIUMEPSS 0.2%CWE-641

In short

Luminance Studio 2.17 can crash when processing malformed text input from the keyboard. An attacker with local access can create a specially crafted text file to make the application stop working.

Technical detail

A local denial of service vulnerability exists in Luminance Studio 2.17's input handling mechanism (CWE-641: Weak Validation of Input Leading to DoS). An attacker can supply malformed character sequences via keyboard input or through text files to trigger application unresponsiveness or abnormal termination, requiring only local access and no authentication.

Summary generated and translated by AI from the official description.

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input, causing the application to become unresponsive or terminate abnormally.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

Pixarra · Luminance Studio

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/46130 https://www.vulncheck.com/advisories/luminance-studio-denial-of-service-via-malformed-input http://www.pixarra.com/http://www.pixarra.com/uploads/9/4/6/3/94635436/tbluminancestudio_install.exe