Description
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or terminate abnormally.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Upgrade
AI Analysis

Impact

The vulnerability is a denial of service in Pixel Studio 2.17 caused by malformed keyboard input. When a local user enters arbitrary characters, the application crashes or hangs, disrupting workflow. The weakness is an input validation flaw (CWE‑807).

Affected Systems

Pixarra Pixel Studio 2.17 on Windows platforms is affected. Only the 2.17 release is impacted according to the available data; other versions are not listed as vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The EPSS score of less than 1% shows a low likelihood of active exploitation, and the vulnerability is not catalogued in the CISA KEV list. Attackers must be local users with access to the keyboard interface, so remote exploitation is not supported. An attacker able to inject input can cause the application to terminate or freeze, leading to a brief service interruption.

Generated by OpenCVE AI on March 24, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Pixel Studio to the latest version or apply a vendor patch that resolves the crash issue.
  • If an upgrade is delayed, limit the application’s exposure to untrusted keyboard input by restricting access to trusted users and running the program under minimal privilege accounts.

Generated by OpenCVE AI on March 24, 2026 at 15:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pixarra:pixel_studio:2.17:*:*:*:*:*:*:*

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Pixarra
Pixarra pixel Studio
Vendors & Products Pixarra
Pixarra pixel Studio

Mon, 23 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Description Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or terminate abnormally.
Title Pixel Studio 2.17 Denial of Service via Malformed Input
Weaknesses CWE-807
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pixarra Pixel Studio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:11:29.043Z

Reserved: 2026-03-23T13:46:05.684Z

Link: CVE-2019-25621

cve-icon Vulnrichment

Updated: 2026-03-25T14:11:25.325Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-23T14:16:26.283

Modified: 2026-03-24T14:22:37.573

Link: CVE-2019-25621

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:49:01Z

Weaknesses