CVE-2019-25657
Denial of Service in AnyBurn 4.3 Image Conversion Function
Publication date: 2026-04-05
Last updated on: 2026-04-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anyburn | anyburn | to 4.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-226 | The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service condition where the AnyBurn application crashes when processing an excessively long string in the image conversion function.
This means that legitimate users may be unable to use the image conversion feature while the application is crashed, potentially disrupting workflows that depend on this functionality.
Can you explain this vulnerability to me?
This vulnerability exists in AnyBurn 4.3 x86 and is a denial of service issue. It allows local attackers to crash the application by providing an excessively long string to the image conversion function.
Specifically, an attacker can paste a large buffer into either the source or destination image file fields and then click the Convert Now button, which triggers the application to crash.