Description
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to trigger an application crash.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

TwistedBrush Pro Studio version 24.06 contains a vulnerability that allows a local attacker to crash the application by importing a specially crafted .srp script file. The malicious file includes an excessively large buffer, and when it is loaded through the Script Player interface the program overflows and terminates unexpectedly, causing a denial of service for the user. This weakness is a classic example of a buffer overflow (CWE‑775).

Affected Systems

Pixarra’s TwistedBrush Pro Studio 24.06 is the only version listed as affected. No other versions or variants are documented. Users running this edition of the software should verify if they are vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS score of less than 1 % suggests low exploitation likelihood. The vulnerability is accessible only to local users with permission to import files, so it requires foothold on the host. Because it is not listed in the CISA KEV catalog, there is no evidence of active widespread exploitation. Nonetheless, the potential to cause service interruption for creative professionals warrants attention.

Generated by OpenCVE AI on March 24, 2026 at 17:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update TwistedBrush Pro Studio to a version where the crash issue is resolved if a patch is available.
  • If no patch exists, limit local and remote users from accessing the Script Player functionality or disable script importing features.
  • Monitor application logs for unexpected crashes that may indicate exploitation attempts.
  • Follow general security best practices by restricting file import privileges to trusted users only.

Generated by OpenCVE AI on March 24, 2026 at 17:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pixarra:twistedbrush_pro_studio:24.06:*:*:*:*:*:*:*

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Pixarra
Pixarra twistedbrush Pro Studio
Vendors & Products Pixarra
Pixarra twistedbrush Pro Studio

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to trigger an application crash.
Title TwistedBrush Pro Studio 24.06 Denial of Service via srp File
Weaknesses CWE-775
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pixarra Twistedbrush Pro Studio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T20:16:10.305Z

Reserved: 2026-03-21T12:29:43.100Z

Link: CVE-2019-25557

cve-icon Vulnrichment

Updated: 2026-03-23T20:15:58.242Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:18.410

Modified: 2026-03-24T16:32:35.660

Link: CVE-2019-25557

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:25Z

Weaknesses