Description
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (application crash)
Action: Patch
AI Analysis

Impact

TransMac 12.3 includes a buffer overflow in the volume name field used during disk image creation. By supplying a string of 1000 repeated characters and pasting it into that field, a local attacker can cause the application to crash, resulting in a denial of service. This weakness aligns with CWE-787 (Out-of-bounds Write).

Affected Systems

Acutesystems’ TransMac, version 12.3. No other versions are indicated as affected. Users running this exact version should be aware of the vulnerability.

Risk and Exploitability

With a CVSS base score of 6.9, the vulnerability poses a moderate risk. The lack of an EPSS score or KEV listing suggests limited public exploitation, but the local attack vector means that anyone with file-system access can trigger the crash by creating the malicious file during image creation. The impact is limited to denial of service, not confidentiality or integrity compromise, and requires only user interaction to exploit.

Generated by OpenCVE AI on March 21, 2026 at 14:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest TransMac release available from Acutesystems.
  • If an update is unavailable, restrict local access to the TransMac executable.
  • Avoid entering long volume names when creating disk images until a patch is applied.

Generated by OpenCVE AI on March 21, 2026 at 14:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:acutesystems:transmac:12.3:*:*:*:*:*:*:*

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Acutesystems
Acutesystems transmac
Vendors & Products Acutesystems
Acutesystems transmac

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.
Title TransMac 12.3 Denial of Service via Volume Name Field
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Acutesystems Transmac
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:39:26.509Z

Reserved: 2026-03-21T12:34:49.285Z

Link: CVE-2019-25566

cve-icon Vulnrichment

Updated: 2026-03-23T15:39:22.799Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:20.090

Modified: 2026-04-16T18:11:57.673

Link: CVE-2019-25566

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:17Z

Weaknesses