CVE-2019-25623
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in Luminance Studio 2.17 via Malformed Keyboard Input

Publication date: 2026-03-23

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input, causing the application to become unresponsive or terminate abnormally.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25623
EUVD
EUVD-2019-19987
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pixarra luminance_studio 2.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-641 The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Executive Summary

CVE-2019-25623 is a denial of service (DoS) vulnerability in Luminance Studio version 2.17 and earlier. It allows local attackers to crash the application by providing malformed input through the keyboard interface.

Attackers can create a text file containing arbitrary character sequences and cause the application to process this input, which results in the application becoming unresponsive or terminating abnormally.

The vulnerability arises from improper restriction of names for files and other resources (CWE-641).

Impact Analysis

This vulnerability can cause Luminance Studio to crash or become unresponsive when processing specially crafted malformed input.

As a result, legitimate users may experience denial of service, losing access to the application and potentially interrupting their work.

The impact is on the availability of the application, which is rated as high according to the CVSS v4.0 score.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by observing if Luminance Studio 2.17 becomes unresponsive or crashes when processing certain input files. Specifically, creating and using a text file containing arbitrary or malformed character sequences can trigger the denial of service condition.'}, {'type': 'paragraph', 'content': 'A practical detection method involves creating a text file with a payload of 10 "A" characters (e.g., a file named "exp.txt" containing "AAAAAAAAAA") and then opening or processing this file with Luminance Studio 2.17. If the application crashes or becomes unresponsive, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'There are no specific network commands since the attack vector is local, but on the system, you can test by running Luminance Studio and providing the crafted input file through the keyboard interface or by loading the file.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of malformed or arbitrary input files with Luminance Studio 2.17, especially those created by untrusted sources.

Since the vulnerability requires local access and malformed input through the keyboard interface, restricting local user permissions and limiting access to the application can reduce risk.

Additionally, monitoring for application crashes and ensuring that users are aware not to open suspicious files can help mitigate exploitation.

Ultimately, applying any available patches or updates from the vendor that address this issue is recommended once they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25623. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart