CVE-2019-25555
Received Received - Intake
Denial of Service via Large Buffer in TwistedBrush Script Recorder

Publication date: 2026-03-21

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-24
Generated
2026-05-07
AI Q&A
2026-03-21
EPSS Evaluated
2026-05-05
NVD
CVE-2019-25555
EUVD
EUVD-2019-19858
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pixarra twistedbrush_pro_studio 24.06
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-131 The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2019-25555 is a denial of service vulnerability in TwistedBrush Pro Studio version 24.06 affecting the Script Recorder component.

The vulnerability arises from an incorrect calculation of buffer size, which allows a local attacker to crash the application by supplying an excessively large input.

Specifically, an attacker can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog, triggering an application crash.


How can this vulnerability impact me? :

This vulnerability can cause the TwistedBrush Pro Studio application to crash, resulting in a denial of service.

Since the attack requires local access and no privileges or user interaction, an attacker with local access can disrupt normal use of the software by triggering the crash.

The impact is limited to availability, as the vulnerability does not affect confidentiality or integrity.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the affected system. Specifically, a test involves pasting a very large string (500,000 characters) into the Description field of the Script Recorder dialog in TwistedBrush Pro Studio 24.06 and observing if the application crashes.'}, {'type': 'paragraph', 'content': "A proof of concept involves running a Python script that generates a file containing 500,000 'A' characters, copying its contents to the clipboard, and then pasting it into the Description field of the Script Recorder dialog."}, {'type': 'list_item', 'content': 'Run the provided Python script (e.g., "TwistedBrush_recorder.py") to generate the large input file.'}, {'type': 'list_item', 'content': 'Copy the contents of the generated file (PoC.txt) to the clipboard.'}, {'type': 'list_item', 'content': "Open TwistedBrush Pro Studio, navigate to 'Record' > 'Script Recorder...'."}, {'type': 'list_item', 'content': 'Paste the clipboard content into the Description field.'}, {'type': 'list_item', 'content': "Click the 'Brush' button and observe if the application crashes, indicating the vulnerability."}] [2]


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart