TwistedBrush Pro Studio Denial-of-Service Vulnerability in Script Recorder Component
Vulnerability
A denial-of-service vulnerability has been identified in TwistedBrush Pro Studio version 24.06, specifically within the Script Recorder component. It allows a local attacker to crash the application by supplying an excessively large input buffer: pasting a malicious string of 500,000 characters into the Description field of the Script Recorder dialog causes the application to crash.
Impact
Exploiting this vulnerability leads to a crash of the TwistedBrush Pro Studio application, causing a denial-of-service condition where the user is unable to use the application until it is restarted.
Reproduction
To reproduce this vulnerability, first run a Python script that generates a text file containing 500,000 characters, then copy the contents of this file to the clipboard. Next, open TwistedBrush Pro Studio and navigate to 'Record' > 'Script Recorder'. Paste the clipboard contents into the 'Description' field and click the 'Brush' button, which triggers the crash.
