Description
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

Selfie Studio 2.17 contains a buffer overflow within the Resize Image function that can be triggered by a local user supplying a very long string in the New Width or New Height field. The overflow crashes the application, resulting in a denial of service. The weakness is a classic buffer overflow identified as CWE‑787 and has no impact on confidentiality or integrity.

Affected Systems

Pixarra’s Selfie Studio component is affected, specifically version 2.17. Only the local installation of the application is impacted; no remote or network component is involved.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity vulnerability. EPSS data is not available and the issue is not listed in CISA’s KEV catalog, suggesting it is not a known widely exploited flaw. Because the exploitation requires direct interaction with the Resize Image form, the attack vector is local. An attacker can cause a crash simply by entering a long string, but does not gain elevated privileges or system access. Overall risk is moderate due to the limited scope but the ease of exploitation warrants rapid action.

Generated by OpenCVE AI on March 21, 2026 at 14:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Pixarra’s website and install the latest available Selfie Studio update if one exists.
  • If no update is available, sanitize or limit the input length for the Resize Image fields to prevent buffer overflows.
  • Consider disabling or removing the Resize Image feature until a patch is issued.

Generated by OpenCVE AI on March 21, 2026 at 14:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pixarra:selfie_studio:2.17:*:*:*:*:*:*:*

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Pixarra
Pixarra selfie Studio
Vendors & Products Pixarra
Pixarra selfie Studio

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application.
Title Selfie Studio 2.17 Denial of Service via Resize Image
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Pixarra Selfie Studio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:55:34.217Z

Reserved: 2026-03-21T12:29:49.697Z

Link: CVE-2019-25558

cve-icon Vulnrichment

Updated: 2026-03-23T16:54:08.180Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:18.590

Modified: 2026-04-16T17:55:01.000

Link: CVE-2019-25558

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:25Z

Weaknesses