Color Notes Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Color Notes version 1.4. Attackers can crash the application by pasting extremely long character strings into note fields, because the app does not handle excessive input. Exploitation involves generating a payload of 350,000 repeated characters and pasting it twice into a new note, which causes the application to become unresponsive.

Impact

Exploitation of this vulnerability causes the application to stop responding, effectively crashing it.

Reproduction

To reproduce this vulnerability, open Color Notes version 1.4 on iOS. Create a new note and run a Python script that generates a text file containing 350,000 repeated characters. Copy the contents of this file and paste it twice into the note. The application will crash, demonstrating the denial-of-service condition.

Added: May 16, 2026, 4:24 PM
Updated: May 16, 2026, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 8.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.