CVE-2019-25557
Buffer Overflow in TwistedBrush Pro Studio Causes DoS Crash
Publication date: 2026-03-21
Last updated on: 2026-03-24
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pixarra | twistedbrush_pro_studio | 24.06 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-775 | The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25557 is a denial of service vulnerability in TwistedBrush Pro Studio version 24.06. It occurs when a local attacker imports a specially crafted, malformed .srp script file containing an excessively large buffer through the Script Player interface. This malformed file causes the application to crash by triggering a buffer overflow condition due to improper handling of the input.
How can this vulnerability impact me?
This vulnerability can cause the TwistedBrush Pro Studio application to crash, resulting in a denial of service. An attacker with local access can exploit this by importing a malicious .srp file, which disrupts normal use of the software. The impact is limited to availability, with no effect on confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to import a specially crafted .srp script file containing an excessively large buffer into TwistedBrush Pro Studio version 24.06. If the application crashes upon importing such a file, it indicates the presence of the vulnerability.
A practical detection method involves creating a .srp file with a large buffer (for example, 500,000 "A" characters) and importing it through the Script Player interface in the application.
There are no specific network commands to detect this vulnerability since the attack vector is local and requires importing a malformed file within the application. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid importing untrusted or suspicious .srp script files into TwistedBrush Pro Studio version 24.06.
Restrict local access to the application to trusted users only, as the attack requires local access to import the malformed file.
Monitor for application crashes related to .srp file imports and consider disabling or limiting the use of the Script Player import functionality until a patch or update is available.
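One way to act on the advice to avoid untrusted .srp files is to triage them before anyone opens them in the Script Player. The following is an added example, not code from the vendor or the advisory; it treats .srp content as opaque bytes because the page does not describe the format, and the two size limits and the script name are assumptions to tune against scripts known to be legitimate.

```python
from __future__ import annotations

import re
import sys
from pathlib import Path

# Assumed limits, not vendor values: tune against scripts known to be legitimate.
MAX_LINE_BYTES = 4096   # longest single line tolerated
MAX_RUN_BYTES = 1024    # longest run of one repeated byte tolerated


def longest_run(data: bytes) -> int:
    """Return the length of the longest run of a single repeated byte."""
    runs = re.finditer(rb"(.)\1*", data, re.DOTALL)
    return max((m.end() - m.start() for m in runs), default=0)


def inspect_srp(data: bytes) -> list[str]:
    """Return the reasons this script content looks like an oversized buffer."""
    findings = []
    longest_line = max((len(line) for line in data.splitlines()), default=0)
    if longest_line > MAX_LINE_BYTES:
        findings.append(f"line of {longest_line} bytes (limit {MAX_LINE_BYTES})")
    run = longest_run(data)
    if run > MAX_RUN_BYTES:
        findings.append(f"run of {run} identical bytes (limit {MAX_RUN_BYTES})")
    return findings


def scan(root: Path) -> dict[Path, list[str]]:
    """Map every flagged .srp file under root to its findings."""
    flagged = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() == ".srp":
            findings = inspect_srp(path.read_bytes())
            if findings:
                flagged[path] = findings
    return flagged


if __name__ == "__main__":
    # Usage: python srp_triage.py <directory holding received .srp files>
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    flagged = scan(root)
    for path, findings in flagged.items():
        print(f"HOLD {path}: " + "; ".join(findings))
    sys.exit(1 if flagged else 0)
```

A non-zero exit status means at least one file was held back, so the script can gate a download folder or a shared drop location.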