CVE-2019-25625
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service via Malformed Input in Blob Studio

Publication date: 2026-03-23

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25625
EUVD
EUVD-2019-19990
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pixarra blob_studio 2.17
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1285 The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25625 is a denial of service (DoS) vulnerability in Blob Studio version 2.17 and earlier. It occurs because the application improperly validates input provided through its key entry mechanism. An attacker can create a text file containing a large buffer of repeated characters and cause Blob Studio to read this file, which triggers the application to crash or become unresponsive.

Impact Analysis

This vulnerability can cause Blob Studio to crash or become unresponsive when it processes malformed input. The impact is a denial of service, meaning legitimate users may be unable to use the application while it is affected. There is no indication that this vulnerability leads to data loss, data corruption, or unauthorized access, but it can disrupt availability of the software.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally. A common method is to create a text file containing a large buffer of repeated characters and then causing Blob Studio to read this file, which triggers the crash or unresponsiveness.'}, {'type': 'paragraph', 'content': 'A simple detection approach involves generating a test file with repeated characters and opening it with Blob Studio 2.17 to observe if the application crashes.'}, {'type': 'paragraph', 'content': 'For example, using a command like the following in a Unix-like environment or Windows with Python installed can create such a test file:'}, {'type': 'list_item', 'content': 'python -c "print(\'A\'*10000)" > test_input.txt'}, {'type': 'paragraph', 'content': "Then, open the generated 'test_input.txt' file with Blob Studio and check if the application crashes or becomes unresponsive, indicating the presence of the vulnerability."}] [2, 3]

Mitigation Strategies

To mitigate this vulnerability immediately, avoid opening or processing untrusted or malformed input files with Blob Studio 2.17 or earlier versions.

Restrict local access to the application to trusted users only, as the attack requires local access.

Monitor and control the files that are loaded into Blob Studio to prevent maliciously crafted input files from being used.

Check for and apply any available patches or updates from the vendor that address this denial of service vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25625. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart