Description
Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the application to crash and become unavailable.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The vulnerability lies in the key entry parsing routine of Paint Studio 2.17. Malformed input, such as a text file containing an excessively large buffer of characters, crashes the application. The crash is a denial of service: users cannot access or save data in the affected session. The weakness maps to CWE-1285.

Affected Systems

Paint Studio 2.17 from Pixarra is the specific product affected. No other versions or vendors are listed in the data. The flaw is confined to local users who can run the application on the affected machine.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate risk level, while the EPSS score of less than 1% suggests that exploitation is expected to be rare. The vulnerability is not listed in the CISA KEV catalog. An attack requires the ability to run the software locally. It lets an attacker disrupt service for the user or the local environment, but not gain remote code execution or affect other hosts.

Generated by OpenCVE AI on March 24, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest update or patch for Paint Studio 2.17 to remove the vulnerability.
  • If an update is not available, restrict local user access to the application or disable the key entry feature until a fix is applied.



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:pixarra:paint_studio:2.17:*:*:*:*:*:*:*

Tue, 24 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Pixarra; Pixarra paint Studio
Vendors & Products | | Pixarra; Pixarra paint Studio

Mon, 23 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 14:00:00 +0000

Type | Values Removed | Values Added
Description | | Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the application to crash and become unavailable.
Title | | Paint Studio 2.17 Denial of Service via Malformed Input
Weaknesses | | CWE-1285
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T18:49:57.594Z

Reserved: 2026-03-23T13:46:12.466Z

Link: CVE-2019-25622

Vulnrichment

Updated: 2026-03-23T18:49:46.465Z

NVD

Status: Analyzed

Published: 2026-03-23T14:16:26.473

Modified: 2026-03-24T14:21:40.983

Link: CVE-2019-25622

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:48:59Z

Weaknesses