AnyBurn 4.3 x86 includes a flaw in its image conversion routine that lets a local user supply an oversized string to either the source or destination image field, causing the program to crash when the conversion is executed. This denial of service can result in unplanned downtime and loss of service availability for the application, affecting any user who triggers an in‑process crash. The weakness is captured as CWE‑226, buffer over-read leading to an application termination. No compromise of confidentiality or integrity is expected because the vulnerability requires local interaction and merely stops the service. The impact is confined to the specific instance of AnyBurn running on the affected environment.

The vulnerability affects the AnyBurn software, version 4.3, running on x86 platforms. No other product versions or operating systems are mentioned, and there is no additional vendor entanglement beyond the AnyBurn developer.

The severity is moderate with a CVSS score of 6.8, indicating that the flaw can be actively used by a local attacker. No EPSS data is provided, and the issue is not listed in the CISA KEV catalog. Because the attacker must have local access and must exercise the conversion feature with crafted input, the attack vector is inferred as local. The crash termination is deterministic when the buffer overflow occurs, and the exploit path is straightforward – providing a long string to the conversion dialog and pressing Convert Now. This simplicity increases the likelihood that skilled users could reproduce the crash, but the overall probability of widespread exploitation remains uncertain without a known exploit in the wild.