CVE-2019-25566
Received - Intake
Buffer Overflow in TransMac 12.3 Volume Name Causes Crash

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.
Meta Information
Published: 2026-03-21
Last Modified: 2026-04-16
Generated: 2026-05-07
AI Q&A: 2026-03-21
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: acutesystems
Product: transmac
Version / Range: 12.3
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2019-25566 is a buffer overflow vulnerability in TransMac version 12.3 that occurs in the volume name field during disk image creation.

A local attacker can exploit this vulnerability by supplying an excessively long string (such as a malicious file containing 1000 repeated characters) into the volume name field.

This causes an out-of-bounds write that crashes the application, resulting in a denial of service condition.

The exploit involves copying the crafted buffer to the clipboard and pasting it into the volume name input field when creating a new disk image, which triggers the crash.
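
The out-of-bounds write described above, as an added example that is not TransMac's code (its source does not appear on this page): a hypothetical volume-name setter with the unbounded copy beside a bounds-checked form. `image_params`, the function names, the 27-byte limit and the character policy are assumptions chosen for illustration.

```c
#include <string.h>

#define VOLNAME_MAX 27  /* assumed limit for illustration; not from the advisory */

struct image_params {                    /* hypothetical dialog state */
    char volume_name[VOLNAME_MAX + 1];   /* fixed-size destination */
};

enum vn_status { VN_OK, VN_EMPTY, VN_TOO_LONG, VN_BAD_CHAR };

/* CWE-787 pattern, shown for contrast and never called: strcpy() copies up
 * to the source NUL, so a 1000-byte paste writes far past 28 bytes. */
void set_volume_name_unsafe(struct image_params *p, const char *ui_text)
{
    strcpy(p->volume_name, ui_text);
}

/* Hardened form: measure with a bound, validate, then copy. On any
 * failure the destination is left untouched. */
enum vn_status set_volume_name(struct image_params *p, const char *ui_text)
{
    size_t len = 0;
    while (len <= VOLNAME_MAX && ui_text[len] != '\0')
        len++;                           /* stops at limit + 1 at the latest */
    if (len == 0) return VN_EMPTY;
    if (len > VOLNAME_MAX) return VN_TOO_LONG;
    for (size_t i = 0; i < len; i++)     /* assumed policy: no control chars, no ':' */
        if ((unsigned char)ui_text[i] < 0x20 || ui_text[i] == ':')
            return VN_BAD_CHAR;
    memcpy(p->volume_name, ui_text, len);
    p->volume_name[len] = '\0';
    return VN_OK;
}

/* Constructed input: n repeated 'A' bytes (capped at 1000, the length the
 * advisory mentions) passed to the hardened setter. */
enum vn_status try_repeated(struct image_params *p, size_t n)
{
    char pasted[1001];
    if (n > 1000) n = 1000;
    memset(pasted, 'A', n);
    pasted[n] = '\0';
    return set_volume_name(p, pasted);
}

int main(void)
{
    struct image_params p = { "Untitled" };
    return try_repeated(&p, 1000) == VN_TOO_LONG ? 0 : 1;  /* exit 0: rejected */
}
```

The length check runs before any byte is written, so an oversized paste is reported to the caller and the previous name survives.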


How can this vulnerability impact me?

This vulnerability can impact you by causing a denial of service (DoS) condition in the TransMac application.

An attacker with local access can crash the application by providing a specially crafted volume name, disrupting normal operations.

Since the vulnerability does not affect confidentiality or integrity, the main impact is unavailability of the application until it is restarted.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the crash condition in TransMac 12.3 by supplying an excessively long string in the volume name field during disk image creation.

A practical detection method involves running a proof-of-concept exploit that uses a crafted buffer of 1000 repeated characters to trigger the application crash.

1. Run the provided Python script "TransMac.py" to generate a file named "TransMac.txt" containing the crafted buffer.
2. Copy the contents of "TransMac.txt" to the clipboard.
3. Open TransMac.exe, navigate to File > New Disk Image.
4. Paste the clipboard content into the "Volume name" input field.
5. Click "Ok" and save the new disk image (e.g., as "exploit.dmg").

If TransMac crashes during this process, the vulnerability is present. [1]


What immediate steps should I take to mitigate this vulnerability?

I don't know

