CVE-2019-25552
Denial of Service via Buffer Overflow in CEWE PHOTO SHOW
Publication date: 2026-03-21
Last updated on: 2026-04-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cewe | photo_show | 6.4.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-836 | The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25552 is a denial of service (DoS) vulnerability in CEWE PHOTO SHOW version 6.4.3 and earlier. It occurs when an attacker submits an excessively long input string to the password field during the upload process. This large input causes the application to crash due to improper handling of large input buffers, effectively making the application unavailable.
The root cause is a buffer overflow condition triggered by pasting a large string of repeated characters into the password input, which the application fails to properly validate or limit.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the CEWE PHOTO SHOW application to crash, resulting in a denial of service. Attackers can exploit this by submitting a very long password input, which disrupts normal operation and prevents legitimate users from using the application.
The CVSS v4 base score of 8.7 indicates a high severity, with the attack requiring no privileges or user interaction and having a network attack vector. The impact is primarily on confidentiality, as indicated by the CVSS vector.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on CEWE PHOTO SHOW version 6.4.3 by submitting an excessively long string to the password field during the upload process.'}, {'type': 'paragraph', 'content': "A proof-of-concept exploit involves running a Python script that generates a file containing a large buffer of repeated characters (e.g., 5000 'A's), copying this buffer to the clipboard, and then pasting it into the password field of the application during upload to observe if the application crashes."}, {'type': 'list_item', 'content': 'Run the Python script "photoshow.py" to create a file "photoshow.txt" with a large buffer.'}, {'type': 'list_item', 'content': 'Copy the contents of "photoshow.txt" to the clipboard.'}, {'type': 'list_item', 'content': 'Open CEWE PHOTO SHOW 6.4.3 and click the "Upload" button.'}, {'type': 'list_item', 'content': 'Paste the clipboard content into the password field and check if the application crashes.'}] [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of CEWE PHOTO SHOW version 6.4.3 or earlier until a patch or update is available that properly handles large input buffers in the password field.
As a temporary measure, restrict or sanitize input to the password field to prevent excessively long strings from being submitted.
Monitor application usage and logs for unusual or repeated attempts to submit large password inputs that could indicate exploitation attempts.