Description
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer overflow that causes the application to crash.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

TwistedBrush Pro Studio version 24.06 contains a buffer overflow vulnerability in its Resize Image function. By entering an excessively long string in the New Width or New Height field, a local attacker can overflow a buffer (CWE-787) and cause the application to crash. This leads to a denial of service without granting remote code execution or broader system compromise.

Affected Systems

The affected product is Pixarra TwistedBrush Pro Studio, specifically version 24.06. No other affected versions are listed in the advisory.

Risk and Exploitability

The CVSS score of 6.9 is rated Medium severity, and the EPSS score of less than 1% suggests exploitation is unlikely in the wild. The vulnerability is not listed in the CISA KEV catalog, indicating no widely known or actively leveraged exploits. Attackers must have local access to the victim system to trigger the buffer overflow; remote exploitation is not supported by the available data.

Generated by OpenCVE AI on March 24, 2026 at 17:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Pixarra’s website for an updated release of TwistedBrush Pro Studio and install it promptly.
  • If an update is not immediately available, run the application with the least privilege necessary and restrict local user access to the Resize Image function.
  • As a temporary measure, monitor user input to the resize fields and enforce length limits to prevent buffer overflow.



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:pixarra:twistedbrush_pro_studio:24.06:*:*:*:*:*:*:*

Mon, 23 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Pixarra; Pixarra twistedbrush Pro Studio
Vendors & Products | | Pixarra; Pixarra twistedbrush Pro Studio

Sat, 21 Mar 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer overflow that causes the application to crash.
Title | | TwistedBrush Pro Studio 24.06 Resize Image Denial of Service
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
 | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:38:08.741Z

Reserved: 2026-03-21T12:29:36.205Z

Link: CVE-2019-25556

Vulnrichment

Updated: 2026-03-23T16:38:01.006Z

NVD

Status: Analyzed

Published: 2026-03-21T13:16:18.233

Modified: 2026-03-24T16:33:43.760

Link: CVE-2019-25556

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:47:27Z

Weaknesses