{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25553", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-21T12:29:12.781Z", "datePublished": "2026-03-21T12:46:55.830Z", "dateUpdated": "2026-03-23T16:32:03.289Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:55.830Z"}, "title": "CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image", "descriptions": [{"lang": "en", "value": "CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Sensitive Information in Resource Not Removed Before Reuse", "cweId": "CWE-226", "type": "CWE"}]}], "affected": [{"vendor": "Cewe-Photoworld", "product": "CEWE PHOTO IMPORTER", "versions": [{"version": "6.4.3", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46862", "name": "ExploitDB-46862", "tags": ["exploit"]}, {"url": "https://cewe-photoworld.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/cewe-photo-importer-denial-of-service-via-malformed-image"}], "credits": [{"lang": "en", "value": "Alejandra S\u00e1nchez", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-05-17T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:31:54.882315Z", "id": "CVE-2019-25553", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:32:03.289Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25553", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:31:54.882315Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:31:59.802Z"}}], "cna": {"title": "CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image", "credits": [{"lang": "en", "type": "finder", "value": "Alejandra S\u00e1nchez"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cewe-Photoworld", "product": "CEWE PHOTO IMPORTER", "versions": [{"status": "affected", "version": "6.4.3"}]}], "datePublic": "2019-05-17T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46862", "name": "ExploitDB-46862", "tags": ["exploit"]}, {"url": "https://cewe-photoworld.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/cewe-photo-importer-denial-of-service-via-malformed-image", "name": "VulnCheck Advisory: CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-226", "description": "Sensitive Information in Resource Not Removed Before Reuse"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:55.830Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25553", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:32:03.289Z", "dateReserved": "2026-03-21T12:29:12.781Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-21T12:46:55.830Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cewe:photo_importer:6.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B998E6F1-ECC3-4DA1-A746-2A8ED1A5EE20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow."}, {"lang": "es", "value": "CEWE PHOTO IMPORTER 6.4.3 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al importar un archivo de imagen especialmente dise\u00f1ado. Los atacantes pueden crear un archivo JPG malformado con un b\u00fafer de tama\u00f1o excesivo y provocar el bloqueo a trav\u00e9s de la funcionalidad de importaci\u00f3n durante el flujo de trabajo de procesamiento de im\u00e1genes."}], "id": "CVE-2019-25553", "lastModified": "2026-04-10T01:19:10.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-21T13:16:17.680", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://cewe-photoworld.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46862"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/cewe-photo-importer-denial-of-service-via-malformed-image"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-226"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.4.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "CEWE PHOTO IMPORTER", "source": "cna", "vendor": "Cewe-Photoworld"}, "product": "cewe_photo_importer", "vendor": "cewe-photoworld"}], "analysis": {"en": {"generated_at": "2026-03-21T14:55:15.650788+00:00", "value": {"mitigation_remediation": ["Update CEWE PHOTO IMPORTER to the latest version or apply the vendor\u2019s patch for the 6.4.3 release", "Restrict local users from executing the import feature with untrusted image files", "Validate or sanitize image files before processing to prevent malformed inputs", "Monitor application logs for repeated crashes that may indicate exploitation attempts"], "summary": {"action": "Apply patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "CEWE PHOTO IMPORTER from Cewe\u2011Photoworld, version 6.4.3, is the sole affected product identified. No other versions or vendors are listed in the available data.", "description_and_impact": "The vulnerability in CEWE PHOTO IMPORTER 6.4.3 allows a local attacker to crash the application by importing a specially crafted JPEG file. A malformed image containing an oversized buffer triggers a failure in the image processing workflow, causing the program to terminate unexpectedly and denying service for legitimate users. The flaw is a clear example of data\u2011validation error leading to an unhandled exception and loss of availability.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate to high risk, while the EPSS score is unavailable and the vulnerability is not currently catalogued in the CISA KEV list. Exploitation requires local access and the ability to execute the import functionality with a crafted file; therefore, it is a local denial\u2011of\u2011service flaw that could impact users on the affected machine or within a shared environment."}}}}, "created": "2026-03-23T09:49:26.689357+00:00", "updated": "2026-03-25T14:47:29.939172+00:00", "vendors": ["cewe-photoworld", "cewe-photoworld$PRODUCT$cewe_photo_importer"]}