CVE-2019-25623
Denial of Service in Luminance Studio 2.17 via Malformed Keyboard Input
Publication date: 2026-03-23
Last updated on: 2026-03-24
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pixarra | luminance_studio | 2.17 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-641 | The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2019-25623 is a denial of service (DoS) vulnerability in Luminance Studio version 2.17 and earlier. It allows local attackers to crash the application by providing malformed input through the keyboard interface.
Attackers can create a text file containing arbitrary character sequences and cause the application to process this input, which results in the application becoming unresponsive or terminating abnormally.
The vulnerability arises from improper restriction of names for files and other resources (CWE-641).
How can this vulnerability impact me?
This vulnerability can cause Luminance Studio to crash or become unresponsive when processing specially crafted malformed input.
As a result, legitimate users may experience denial of service, losing access to the application and potentially interrupting their work.
The impact is on the availability of the application, which is rated as high according to the CVSS v4.0 score.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing if Luminance Studio 2.17 becomes unresponsive or crashes when processing certain input files. Specifically, creating and using a text file containing arbitrary or malformed character sequences can trigger the denial of service condition.
A practical detection method involves creating a text file with a payload of 10 "A" characters (e.g., a file named "exp.txt" containing "AAAAAAAAAA") and then opening or processing this file with Luminance Studio 2.17. If the application crashes or becomes unresponsive, the vulnerability is present.
There are no specific network commands since the attack vector is local, but on the system, you can test by running Luminance Studio and providing the crafted input file through the keyboard interface or by loading the file. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of malformed or arbitrary input files with Luminance Studio 2.17, especially those created by untrusted sources.
Since the vulnerability requires local access and malformed input through the keyboard interface, restricting local user permissions and limiting access to the application can reduce risk.
Additionally, monitoring for application crashes and ensuring that users are aware not to open suspicious files can help mitigate exploitation.
Ultimately, applying any available patches or updates from the vendor that address this issue is recommended once they become available.