Description
Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Liquid Studio 2.17 contains a flaw that allows a local user to crash the application by entering malformed characters via the keyboard. The input is not properly validated, leading to an unexpected termination or freeze of the process. The weakness is a classic input validation issue (CWE‑606), presenting a moderate severity denial‑of‑service scenario. When exploited, the affected system will experience loss of availability for the application, potentially disrupting workflows that rely on it.

Affected Systems

The vulnerability is specific to Pixarra’s Liquid Studio version 2.17. The description and CPE string confirm that only this version is affected, with no other version information supplied. It is therefore important to identify installations of this exact release.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate impact. The EPSS score of less than 1% suggests that current exploitation is unlikely, and the issue is not listed in the KEV catalog. The attack vector is local, requiring that an attacker have access to the machine and be able to interact with the application’s keyboard interface. Without privileged or remote access, the likelihood of widespread exploitation remains low, though the availability impact is still significant for affected users.

Generated by OpenCVE AI on March 24, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether a newer, patched version of Liquid Studio is available from Pixarra and upgrade accordingly. If no patch exists, consider limiting the application’s use to trusted users or running it in a controlled environment.

Generated by OpenCVE AI on March 24, 2026 at 15:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pixarra:liquid_studio:2.17:*:*:*:*:*:*:*

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Pixarra
Pixarra liquid Studio
Vendors & Products Pixarra
Pixarra liquid Studio

Mon, 23 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Description Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
Title Liquid Studio 2.17 Denial of Service via Malformed Input
Weaknesses CWE-606
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pixarra Liquid Studio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T15:14:04.055Z

Reserved: 2026-03-23T13:46:26.421Z

Link: CVE-2019-25624

cve-icon Vulnrichment

Updated: 2026-03-24T14:01:09.704Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-23T14:16:26.850

Modified: 2026-03-24T14:18:37.330

Link: CVE-2019-25624

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:28:11Z

Weaknesses