CEWE Photo Show Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in CEWE Photo Show version 6.4.3. An attacker can crash the application by entering an excessively long string into the password field during the upload process. Pasting a large string of repeated characters into the password input causes the application to crash.

Impact

Exploitation of this vulnerability leads to a crash of the CEWE Photo Show application, causing a denial-of-service condition where the application becomes unresponsive or unavailable to the user.

Reproduction

To reproduce this vulnerability, first run a Python script that generates a text file containing a buffer of repeated characters. Copy the contents of this file to the clipboard. Then, open CEWE Photo Show and initiate the upload process. Paste the clipboard contents into the password field. The application will crash shortly after.

Added: Mar 21, 2026, 1:26 PM
Updated: Mar 21, 2026, 1:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.