CVE-2019-25555

EUVD-2019-19858
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog to trigger an application crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VulnCheckCNA
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
pixarratwistedbrush_pro_studio
24.06
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.pixarra.com
https://www.exploit-db.com/exploits/46844
https://www.vulncheck.com/advisories/twistedbrush-pro-studio-script-recorder-denial-of-service