CVE-2019-25566
Received Received - Intake

Buffer Overflow in TransMac 12.3 Volume Name Causes Crash

Vulnerability report for CVE-2019-25566, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description

TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-21
Last Modified
2026-04-16
Generated
2026-07-06
AI Q&A
2026-03-21
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
acutesystems transmac 12.3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2019-25566 is a buffer overflow vulnerability in TransMac version 12.3 that occurs in the volume name field during disk image creation.

A local attacker can exploit this vulnerability by supplying an excessively long stringβ€”such as a malicious file containing 1000 repeated charactersβ€”into the volume name field.

This causes an out-of-bounds write that crashes the application, resulting in a denial of service condition.

The exploit involves copying the crafted buffer to the clipboard and pasting it into the volume name input field when creating a new disk image, which triggers the crash.

Impact Analysis

This vulnerability can impact you by causing a denial of service (DoS) condition in the TransMac application.

An attacker with local access can crash the application by providing a specially crafted volume name, disrupting normal operations.

Since the vulnerability does not affect confidentiality or integrity, the main impact is unavailability of the application until it is restarted.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition in TransMac 12.3 by supplying an excessively long string in the volume name field during disk image creation.'}, {'type': 'paragraph', 'content': 'A practical detection method involves running a proof-of-concept exploit that uses a crafted buffer of 1000 repeated characters to trigger the application crash.'}, {'type': 'list_item', 'content': 'Run the provided Python script "TransMac.py" to generate a file named "TransMac.txt" containing the crafted buffer.'}, {'type': 'list_item', 'content': 'Copy the contents of "TransMac.txt" to the clipboard.'}, {'type': 'list_item', 'content': 'Open TransMac.exe, navigate to File > New Disk Image.'}, {'type': 'list_item', 'content': 'Paste the clipboard content into the "Volume name" input field.'}, {'type': 'list_item', 'content': 'Click "Ok" and save the new disk image (e.g., as "exploit.dmg").'}, {'type': 'paragraph', 'content': 'If TransMac crashes during this process, the vulnerability is present.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25566. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart