CVE-2019-25566
Buffer Overflow in TransMac 12.3 Volume Name Causes Crash

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.
Meta Information
Published: 2026-03-21
Last Modified: 2026-04-16
Generated: 2026-06-16
AI Q&A: 2026-03-21
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: acutesystems
Product: transmac
Version / Range: 12.3
CWE ID: CWE-787
Description: The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

CVE-2019-25566 is a buffer overflow vulnerability in TransMac version 12.3 that occurs in the volume name field during disk image creation.

A local attacker can exploit this vulnerability by supplying an excessively long string, such as a malicious file containing 1000 repeated characters, into the volume name field.

This causes an out-of-bounds write that crashes the application, resulting in a denial of service condition.

The exploit involves copying the crafted buffer to the clipboard and pasting it into the volume name input field when creating a new disk image, which triggers the crash.

Impact Analysis

This vulnerability can impact you by causing a denial of service (DoS) condition in the TransMac application.

An attacker with local access can crash the application by providing a specially crafted volume name, disrupting normal operations.

Since the vulnerability does not affect confidentiality or integrity, the main impact is unavailability of the application until it is restarted.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash condition in TransMac 12.3 by supplying an excessively long string in the volume name field during disk image creation.

A practical detection method involves running a proof-of-concept exploit that uses a crafted buffer of 1000 repeated characters to trigger the application crash.

- Run the provided Python script "TransMac.py" to generate a file named "TransMac.txt" containing the crafted buffer.
- Copy the contents of "TransMac.txt" to the clipboard.
- Open TransMac.exe, navigate to File > New Disk Image.
- Paste the clipboard content into the "Volume name" input field.
- Click "Ok" and save the new disk image (e.g., as "exploit.dmg").

If TransMac crashes during this process, the vulnerability is present. [1]

Mitigation Strategies

I don't know
