Description
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Monitor
AI Analysis

Impact

The vulnerability is a denial‑of‑service flaw in Pixarra Blob Studio 2.17. A malicious user can exploit malformed input offered through the key entry mechanism to crash the application. Local attackers can create a text file containing a large payload of repeated characters and trigger the application to read it, leading to an unresponsive or crashed instance. This weakens availability and can disrupt user productivity. The weakness aligns with CWE‑1285, which documents DoS via large input buffers.

Affected Systems

Affected systems are installations of Pixarra Blob Studio version 2.17 on any operating system that allows local users to launch and interact with the program. No patch or fixed version is listed in the data, and no workaround is supplied. Attackers must have local access or be able to supply the key entry input file.

Risk and Exploitability

The CVSS base score of 6.9 indicates high severity for a local denial‑of‑service. The EPSS score below 1% suggests a low probability of current exploitation. The vulnerability is not listed in CISA’s KEV catalog, implying no known widespread exploit. Because the exploit requires local input, it is mainly a threat in shared workstations or environments where untrusted users may run the application. Employing the vendor’s update or restricting local use mitigates the risk.

Generated by OpenCVE AI on March 24, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Pixarra Blob Studio update if available; if no patch exists, keep monitoring vendor announcements.
  • Restrict local user access to the application or run it in a sandboxed environment to prevent untrusted input.
  • Disable or remove the key entry feature if the functionality is not essential for the installation.
  • Monitor application logs for unexpected crashes or unresponsiveness to detect attempted exploitation.

Generated by OpenCVE AI on March 24, 2026 at 15:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pixarra:blob_studio:2.17:*:*:*:*:*:*:*

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Pixarra
Pixarra blob Studio
Vendors & Products Pixarra
Pixarra blob Studio

Mon, 23 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Description Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.
Title Blob Studio 2.17 Denial of Service via Malformed Input
Weaknesses CWE-1285
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pixarra Blob Studio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:58:10.717Z

Reserved: 2026-03-23T13:46:33.423Z

Link: CVE-2019-25625

cve-icon Vulnrichment

Updated: 2026-03-23T15:58:06.480Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-23T14:16:27.033

Modified: 2026-03-24T14:17:17.590

Link: CVE-2019-25625

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:28:10Z

Weaknesses