Impact
Valentina Studio 9.0.5 on Linux contains a local buffer overflow in the Host field of the connection dialog. When a user pastes a string longer than 264 bytes, the unvalidated input overflows a fixed-size buffer, corrupting adjacent memory and causing the application to terminate. The flaw is classified as CWE-787 (out-of-bounds write) and results in a denial of service for the user who launched the program; no code execution or privilege escalation is reported by the vendor.
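The unchecked write described above, next to a bounded alternative, as an added example that is not Valentina Studio's code. The `conn_params` structure, both function names and the 264-byte capacity are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity: the advisory only states that input longer than 264
 * bytes overflows; the real buffer layout is not published. */
#define HOST_BUF_SIZE 264

struct conn_params {             /* hypothetical structure */
    char host[HOST_BUF_SIZE];
    int  port;                   /* stands in for "adjacent memory" */
};

/* Unchecked pattern (CWE-787): strcpy writes past host[] when input is
 * too long. Shown for contrast only; it is never called here. */
void set_host_unchecked(struct conn_params *p, const char *input)
{
    strcpy(p->host, input);
}

/* Hardened: measure first and reject oversize input instead of truncating.
 * Returns 0, -EINVAL (NULL or empty) or -ENAMETOOLONG (does not fit). */
int set_host_checked(struct conn_params *p, const char *input)
{
    if (p == NULL || input == NULL || input[0] == '\0')
        return -EINVAL;
    /* Bounded scan: look for the terminator within the capacity only. */
    const char *nul = memchr(input, '\0', HOST_BUF_SIZE);
    if (nul == NULL)
        return -ENAMETOOLONG;    /* no terminator in range: too long */
    memcpy(p->host, input, (size_t)(nul - input) + 1);
    return 0;
}

int main(void)
{
    struct conn_params p = { "", 5432 };
    char big[400];               /* constructed oversize input */
    memset(big, 'A', sizeof big - 1); big[sizeof big - 1] = '\0';
    printf("short host: %d\n", set_host_checked(&p, "db.example.internal"));
    printf("oversize  : %d, port still %d\n", set_host_checked(&p, big), p.port);
    return 0;
}
```

Rejecting the input outright, rather than truncating it, keeps the dialog from silently connecting to a different host name than the one the user supplied.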
Affected Systems
The vulnerability affects Valentina Studio version 9.0.5 running on Linux operating systems. All installations of that release, regardless of distribution, are affected because the defect exists in the core client code responsible for parsing the Host field. The vendor has not indicated that later releases remove the flaw; users should still verify that they are on a newer version.
Risk and Exploitability
The CVSS v3.1 score of 6.9 reflects a medium-severity issue that requires local access to the machine and legitimate interaction with the application. The absence of an EPSS score and the fact that the vulnerability is not listed in the CISA KEV catalog suggest that exploitation is limited or not widespread at present. An attacker can trigger the crash by simply entering a crafted host string during a connection attempt, resulting in a local denial of service that disrupts database management for the affected user.