{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25555", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-21T12:29:27.093Z", "datePublished": "2026-03-21T12:46:57.219Z", "dateUpdated": "2026-03-24T14:13:17.190Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:57.219Z"}, "title": "TwistedBrush Pro Studio 24.06 Script Recorder Denial of Service", "descriptions": [{"lang": "en", "value": "TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect Calculation of Buffer Size", "cweId": "CWE-131", "type": "CWE"}]}], "affected": [{"vendor": "Pixarra", "product": "TwistedBrush Pro Studio", "versions": [{"version": "24.06", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46844", "name": "ExploitDB-46844", "tags": ["exploit"]}, {"url": "http://www.pixarra.com", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: TwistedBrush Pro Studio 24.06 Script Recorder Denial of Service", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/twistedbrush-pro-studio-script-recorder-denial-of-service"}], "credits": [{"lang": "en", "value": "Alejandra S\u00e1nchez", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-05-14T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:13:07.143728Z", "id": "CVE-2019-25555", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:13:17.190Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25555", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:13:07.143728Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:13:13.118Z"}}], "cna": {"title": "TwistedBrush Pro Studio 24.06 Script Recorder Denial of Service", "credits": [{"lang": "en", "type": "finder", "value": "Alejandra S\u00e1nchez"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Pixarra", "product": "TwistedBrush Pro Studio", "versions": [{"status": "affected", "version": "24.06"}]}], "datePublic": "2019-05-14T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46844", "name": "ExploitDB-46844", "tags": ["exploit"]}, {"url": "http://www.pixarra.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/twistedbrush-pro-studio-script-recorder-denial-of-service", "name": "VulnCheck Advisory: TwistedBrush Pro Studio 24.06 Script Recorder Denial of Service", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-131", "description": "Incorrect Calculation of Buffer Size"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:46:57.219Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25555", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:13:17.190Z", "dateReserved": "2026-03-21T12:29:27.093Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-21T12:46:57.219Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pixarra:twistedbrush_pro_studio:24.06:*:*:*:*:*:*:*", "matchCriteriaId": "F62FE325-85CB-4E52-AE3C-34BADEBC03FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog to trigger an application crash."}, {"lang": "es", "value": "TwistedBrush Pro Studio 24.06 contiene una vulnerabilidad de denegaci\u00f3n de servicio en el componente Script Recorder que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar un b\u00fafer excesivamente grande. Los atacantes pueden pegar una cadena maliciosa que contiene 500.000 caracteres en el campo Descripci\u00f3n del di\u00e1logo Script Recorder para provocar un bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2019-25555", "lastModified": "2026-03-24T16:34:57.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-21T13:16:18.050", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.pixarra.com"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46844"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/twistedbrush-pro-studio-script-recorder-denial-of-service"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "24.06"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TwistedBrush Pro Studio", "source": "cna", "vendor": "Pixarra"}, "product": "twistedbrush_pro_studio", "vendor": "pixarra"}], "analysis": {"en": {"generated_at": "2026-03-24T18:25:39.316508+00:00", "value": {"mitigation_remediation": ["Check the Pixarra support portal or vendor website for an available patch that addresses the Script Recorder denial of service issue.", "If no patch is released, restrict local users\u2019 access to the Script Recorder dialog or disable the feature until a fix is available.", "Consider upgrading to a newer TwistedBrush Pro Studio release once the vendor provides a corrective update."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Pixarra\u2019s TwistedBrush Pro Studio version 24.06. No other versions or closely related products are identified as vulnerable in the publicly available data.", "description_and_impact": "TwistedBrush Pro Studio 24.06 incorporates a buffer size mismanagement flaw (CWE\u2011131) in its Script Recorder component. By supplying an excessively large string\u2014500,000 characters\u2014in the Description field of the Script Recorder dialog, a local attacker can cause the application to crash. The crash halts all studio operations until the program is restarted, resulting in a denial of service for the affected user or workstation.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, while an EPSS score of less than 1% suggests that exploitation is unlikely under current conditions. The flaw is not listed in the CISA KEV catalog. The attack vector is local, requiring the attacker to run the program and input the oversized string into the Script Recorder dialog. The impact is limited to availability; the flaw does not enable privilege escalation or information disclosure."}}}}, "created": "2026-03-23T09:49:24.896527+00:00", "updated": "2026-03-25T14:47:28.108707+00:00", "vendors": ["pixarra", "pixarra$PRODUCT$twistedbrush_pro_studio"]}