CVE-2019-25567
Received Received - Intake
Buffer Overflow in Valentina Studio 9.0.5 Causes DoS

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input string. Attackers can trigger the vulnerability by pasting a crafted buffer exceeding 264 bytes into the Host field during server connection attempts, causing a denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25567
EUVD
EUVD-2019-19882
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
valentina-db studio 9.0.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The primary impact of this vulnerability is a denial of service. A local attacker can crash Valentina Studio by providing a specially crafted input that overflows the buffer in the Host field.

This crash disrupts normal application operation, potentially causing loss of unsaved work and interrupting database connection attempts.

Compliance Impact

I don't know

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the Host field in Valentina Studio 9.0.5 on Linux with inputs exceeding 264 bytes, as this triggers the buffer overflow.

Since the vulnerability is local and triggered by user input, restricting access to the application to trusted users and environments can reduce risk.

Monitoring for application crashes and avoiding pasting or entering oversized inputs into the Host field can prevent denial-of-service conditions.

Applying any available patches or updates from Valentina Technologies that address this vulnerability is recommended once released.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the buffer overflow condition locally on a system running Valentina Studio 9.0.5 on Linux. A proof-of-concept exploit involves creating a crafted input buffer of 264 characters and pasting it into the Host field of the connection dialog to trigger a crash.'}, {'type': 'list_item', 'content': "Generate a buffer of 264 'A' characters using a script or command."}, {'type': 'list_item', 'content': 'Copy the generated buffer to the clipboard.'}, {'type': 'list_item', 'content': 'Open Valentina Studio, go to File > Connect to..., select Valentina Server or SQLite Server.'}, {'type': 'list_item', 'content': 'Paste the buffer into the Host input field and attempt to connect.'}, {'type': 'paragraph', 'content': 'If the application crashes, the vulnerability is present and exploitable.'}] [1, 2]

Executive Summary

CVE-2019-25567 is a buffer overflow vulnerability in Valentina Studio version 9.0.5 on Linux. It occurs in the Host field of the connection dialog, where the application does not properly validate input length. By supplying an input string longer than 264 bytes, a local attacker can overflow the buffer.

This overflow causes the application to crash when the oversized input is pasted into the Host field during server connection attempts, leading to a denial-of-service condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25567. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart