CVE-2019-25620 | THREATINT

Description

Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.

PUBLISHED Reserved 2026-03-23 | Published 2026-03-23 | Updated 2026-03-23 | Assigner VulnCheck

MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Improper Handling of Inconsistent Special Elements

Product status

2.17

affected

Credits

Ihsan Sencan finder

References

www.exploit-db.com/exploits/46125 (ExploitDB-46125) exploit

www.pixarra.com/ (Official Product Homepage) product

www.pixarra.com/...9/4/6/3/94635436/tbtreestudio_install.exe (Product Reference) product

www.vulncheck.com/...o-denial-of-service-via-malformed-input (VulnCheck Advisory: Tree Studio 2.17 Denial of Service via Malformed Input) third-party-advisory

cve.org (CVE-2019-25620)

nvd.nist.gov (CVE-2019-25620)

Download JSON