Description
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A malformed JPEG file can cause CEWE PHOTO IMPORTER 6.4.3 to crash during image import. The vulnerability is caused by an oversized buffer in the image processing workflow, leading to an abrupt crash that renders the application unusable for legitimate users. This issue is a classic buffer overflow problem (CWE-226) that disrupts availability rather than compromising confidentiality or integrity.

Affected Systems

The vulnerability affects Cewe-Photoworld’s CEWE PHOTO IMPORTER product, specifically version 6.4.3. No other versions or products are listed as affected.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, with an EPSS score of less than 1% suggesting low likelihood of widespread exploitation at present. The vulnerability is not included in the CISA KEV catalog. Attacks would require a local attacker to place a crafted image into the import workflow; the effect is a denial of service. Because the attack surface is local and requires the ability to submit a file, it is less likely to be exercised remotely.

Generated by OpenCVE AI on April 10, 2026 at 02:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CEWE PHOTO IMPORTER to a version newer than 6.4.3 or apply the vendor’s patch once available. If an update is not immediately possible, avoid importing files from untrusted sources and monitor the application for unexpected crashes. Confirm that the latest install is not vulnerable by referencing the vendor’s release notes or security advisories.

Generated by OpenCVE AI on April 10, 2026 at 02:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Cewe
Cewe photo Importer
CPEs cpe:2.3:a:cewe:photo_importer:6.4.3:*:*:*:*:*:*:*
Vendors & Products Cewe
Cewe photo Importer

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Cewe-photoworld
Cewe-photoworld cewe Photo Importer
Vendors & Products Cewe-photoworld
Cewe-photoworld cewe Photo Importer

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.
Title CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image
Weaknesses CWE-226
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Cewe Photo Importer
Cewe-photoworld Cewe Photo Importer
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:32:03.289Z

Reserved: 2026-03-21T12:29:12.781Z

Link: CVE-2019-25553

cve-icon Vulnrichment

Updated: 2026-03-23T16:31:59.802Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:17.680

Modified: 2026-04-10T01:19:10.910

Link: CVE-2019-25553

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:46:23Z

Weaknesses