CEWE Photoshow Buffer Overflow Vulnerability in Login Dialog Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the login dialog of CEWE Photoshow version 6.3.4. It allows attackers to cause a denial-of-service condition by submitting oversized input: entering 4000 bytes of data into the email address and password fields crashes the application.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.

Reproduction

The vulnerability can be reproduced by running a Python script that creates a text file containing 4000 bytes of data. The contents of this file are then used to overwrite the email and password fields in the CEWE Photoshow login dialog. Once the 'OK' button is clicked, the application crashes.
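As an added illustration (not CEWE's code and not part of the original advisory), this is the kind of bounded handling that keeps oversized email and password input out of fixed-size buffers: the value is rejected rather than copied or truncated. The struct, function names and length limits are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical limits chosen for this sketch; not taken from the product. */
#define EMAIL_MAX    254
#define PASSWORD_MAX 128

typedef struct {
    char email[EMAIL_MAX + 1];
    char password[PASSWORD_MAX + 1];
} login_form;

typedef enum { FIELD_OK = 0, FIELD_EMPTY, FIELD_TOO_LONG } field_status;

/* Copy `len` bytes of untrusted dialog input into a fixed buffer of `cap`
   bytes. Over-length input is rejected, not truncated, so a 4000-byte
   value never reaches the destination buffer. */
static field_status copy_field(char *dst, size_t cap, const char *src, size_t len)
{
    if (src == NULL || len == 0)
        return FIELD_EMPTY;
    if (len >= cap)              /* must leave room for the terminating NUL */
        return FIELD_TOO_LONG;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return FIELD_OK;
}

/* Fill both fields; on any failure the whole form is cleared so that no
   partial credentials remain in memory. */
field_status fill_login_form(login_form *f, const char *email, size_t email_len,
                             const char *pw, size_t pw_len)
{
    field_status s = copy_field(f->email, sizeof f->email, email, email_len);
    if (s == FIELD_OK)
        s = copy_field(f->password, sizeof f->password, pw, pw_len);
    if (s != FIELD_OK)
        memset(f, 0, sizeof *f);
    return s;
}

int main(void)
{
    char big[4000];              /* constructed oversized input */
    login_form f;
    memset(big, 'A', sizeof big);
    printf("%d\n", fill_login_form(&f, big, sizeof big, big, sizeof big));
    return 0;
}
```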

Added: Apr 26, 2026, 10:31 PM
Updated: Apr 26, 2026, 10:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.