CVE-2019-25557
Received Received - Intake
Buffer Overflow in TwistedBrush Pro Studio Causes DoS Crash

Publication date: 2026-03-21

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25557
EUVD
EUVD-2019-19862
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pixarra twistedbrush_pro_studio 24.06
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-775 The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25557 is a denial of service vulnerability in TwistedBrush Pro Studio version 24.06. It occurs when a local attacker imports a specially crafted, malformed .srp script file containing an excessively large buffer through the Script Player interface. This malformed file causes the application to crash by triggering a buffer overflow condition due to improper handling of the input.

Impact Analysis

This vulnerability can cause the TwistedBrush Pro Studio application to crash, resulting in a denial of service. An attacker with local access can exploit this by importing a malicious .srp file, which disrupts normal use of the software. The impact is limited to availability, with no effect on confidentiality or integrity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to import a specially crafted .srp script file containing an excessively large buffer into TwistedBrush Pro Studio version 24.06. If the application crashes upon importing such a file, it indicates the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'A practical detection method involves creating a .srp file with a large buffer (for example, 500,000 "A" characters) and importing it through the Script Player interface in the application.'}, {'type': 'paragraph', 'content': 'There are no specific network commands to detect this vulnerability since the attack vector is local and requires importing a malformed file within the application.'}] [2]

Mitigation Strategies

To mitigate this vulnerability immediately, avoid importing untrusted or suspicious .srp script files into TwistedBrush Pro Studio version 24.06.

Restrict local access to the application to trusted users only, as the attack requires local access to import the malformed file.

Monitor for application crashes related to .srp file imports and consider disabling or limiting the use of the Script Player import functionality until a patch or update is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25557. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart