Description
Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input, causing the application to become unresponsive or terminate abnormally.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

Luminance Studio 2.17 suffers a denial‑of‑service condition that is triggered by malformed input entered through the keyboard interface. The flaw originates from improper handling of arbitrary character sequences, described as CWE‑641, and results in the application becoming unresponsive or terminating. Local attackers can use this to interrupt normal service.

Affected Systems

The affected product is Pixarra Luminance Studio version 2.17. Only users running this exact version on local machines are at risk, as the vulnerability requires local input.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while an EPSS score below 1% and its absence from the KEV catalog imply that exploitation is unlikely in the wild. However, the attack vector is local, so any user with access to the machine can trigger the crash. The impact is an interruption of service, which can affect productivity in environments where the application is critical.

Generated by OpenCVE AI on March 24, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or newer release of Luminance Studio from Pixarra.
  • If no patch is available, avoid processing untrusted input by restricting the keyboard interface or running the application in a protected environment.
  • Regularly check the Pixarra website for security updates and apply them promptly.

Generated by OpenCVE AI on March 24, 2026 at 15:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pixarra:luminance_studio:2.17:*:*:*:*:*:*:*

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Pixarra
Pixarra luminance Studio
Vendors & Products Pixarra
Pixarra luminance Studio

Mon, 23 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Description Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input, causing the application to become unresponsive or terminate abnormally.
Title Luminance Studio 2.17 Denial of Service via Malformed Input
Weaknesses CWE-641
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pixarra Luminance Studio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T19:00:21.879Z

Reserved: 2026-03-23T13:46:19.225Z

Link: CVE-2019-25623

cve-icon Vulnrichment

Updated: 2026-03-23T19:00:06.164Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-23T14:16:26.657

Modified: 2026-03-24T14:19:57.467

Link: CVE-2019-25623

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:28:12Z

Weaknesses