Description
Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Tree Studio 2.17 contains a denial‑of‑service flaw that enables a local user to crash the program by typing arbitrary characters into the keyboard interface while the application is running. The malformed input causes the software to become unresponsive or terminate abnormally, disrupting normal workflow. This weakness is classified as improper input validation, identified by CWE‑168.

Affected Systems

The vulnerability affects Pixarra Tree Studio version 2.17 on any operating system where the application is installed and executed. No other versions are listed as vulnerable.

Risk and Exploitability

With a CVSS score of 6.9 the severity is moderate, and the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The flaw is not included in the CISA KEV catalog, indicating no known widespread use. Because the attack requires local access and only the keyboard input interface to inject malformed data, a malicious user can temporarily crash the software, potentially leading to unsaved work loss or productivity disruption.

Generated by OpenCVE AI on March 24, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for Tree Studio 2.17 as soon as it becomes available
  • Restrict local user permissions to the application if a patch cannot be applied
  • Monitor application responsiveness for abnormal crashes
  • Check Pixarra’s website or support channels for updates or advisories

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pixarra:tree_studio:2.17:*:*:*:*:*:*:*

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Pixarra
Pixarra tree Studio
Vendors & Products Pixarra
Pixarra tree Studio

Mon, 23 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Description Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
Title Tree Studio 2.17 Denial of Service via Malformed Input
Weaknesses CWE-168
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T14:59:29.120Z

Reserved: 2026-03-23T13:44:59.437Z

Link: CVE-2019-25620

Vulnrichment

Updated: 2026-03-23T14:59:24.812Z

NVD

Status: Analyzed

Published: 2026-03-23T14:16:25.180

Modified: 2026-03-24T14:23:33.510

Link: CVE-2019-25620

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:49:02Z

Weaknesses