Description
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Update Software
AI Analysis

Impact

The flaw allows a local attacker to crash PCHelpWareV2 1.0.0.5 by providing a BMP file that contains an oversized buffer. The malformed image causes the Create SC feature to fail, resulting in an unhandled error that terminates the application.

Affected Systems

UVNC’s PCHelpWareV2 version 1.0.0.5 and the identical UltraVNC 1.0.0.5 are vulnerable. Users running these specific releases are at risk when the Create SC feature processes a crafted BMP image.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. It requires local access — an attacker must be able to run or influence the application on the target system. Based on the description, the exploitation path involves a user who can supply a malicious BMP file to the Create SC feature, leading to an application crash. No remote or network‑based attack vector is documented.

Generated by OpenCVE AI on March 24, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor–supplied update for PCHelpWareV2 and UltraVNC once available.
  • If no patch is available, restrict or disable the Create SC functionality, or uninstall the application to prevent the crash.
  • Monitor system logs for repeated crashes and consider limiting local user permissions to run the affected application until a patch is released.

Generated by OpenCVE AI on March 24, 2026 at 22:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:uvnc:pchelpwarev2:1.0.0.5:*:*:*:*:*:*:*

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Uvnc pchelpwarev2
Vendors & Products Uvnc pchelpwarev2

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash.
Title PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation
First Time appeared Uvnc
Uvnc ultravnc
Weaknesses CWE-226
CPEs cpe:2.3:a:uvnc:ultravnc:1.0.0.5:*:*:*:*:*:*:*
Vendors & Products Uvnc
Uvnc ultravnc
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Uvnc Pchelpwarev2 Ultravnc
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T20:13:05.084Z

Reserved: 2026-03-21T12:31:50.768Z

Link: CVE-2019-25563

cve-icon Vulnrichment

Updated: 2026-03-23T20:12:56.891Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:19.513

Modified: 2026-03-24T20:47:37.127

Link: CVE-2019-25563

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:20Z

Weaknesses