Description
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog to trigger an application crash.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

TwistedBrush Pro Studio 24.06 incorporates a buffer size mismanagement flaw (CWE‑131) in its Script Recorder component. By supplying an excessively large string—500,000 characters—in the Description field of the Script Recorder dialog, a local attacker can cause the application to crash. The crash halts all studio operations until the program is restarted, resulting in a denial of service for the affected user or workstation.

Affected Systems

The vulnerability affects Pixarra’s TwistedBrush Pro Studio version 24.06. No other versions or closely related products are identified as vulnerable in the publicly available data.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while an EPSS score of less than 1% suggests that exploitation is unlikely under current conditions. The flaw is not listed in the CISA KEV catalog. The attack vector is local, requiring the attacker to run the program and input the oversized string into the Script Recorder dialog. The impact is limited to availability; the flaw does not enable privilege escalation or information disclosure.

Generated by OpenCVE AI on March 24, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Pixarra support portal or vendor website for an available patch that addresses the Script Recorder denial of service issue.
  • If no patch is released, restrict local users’ access to the Script Recorder dialog or disable the feature until a fix is available.
  • Consider upgrading to a newer TwistedBrush Pro Studio release once the vendor provides a corrective update.

Generated by OpenCVE AI on March 24, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pixarra:twistedbrush_pro_studio:24.06:*:*:*:*:*:*:*

Tue, 24 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Pixarra
Pixarra twistedbrush Pro Studio
Vendors & Products Pixarra
Pixarra twistedbrush Pro Studio

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog to trigger an application crash.
Title TwistedBrush Pro Studio 24.06 Script Recorder Denial of Service
Weaknesses CWE-131
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pixarra Twistedbrush Pro Studio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T14:13:17.190Z

Reserved: 2026-03-21T12:29:27.093Z

Link: CVE-2019-25555

cve-icon Vulnrichment

Updated: 2026-03-24T14:13:13.118Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:18.050

Modified: 2026-03-24T16:34:57.090

Link: CVE-2019-25555

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:28Z

Weaknesses