CVE-2019-25363

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://web.archive.org/web/20190108145533/https://www.alloksoft.com/wmv.htm	Product
https://www.alloksoft.com/	Not Applicable Technical Description
https://www.exploit-db.com/exploits/47563	Exploit VDB Entry
https://www.vulncheck.com/advisories/wmv-to-avi-mpeg-dvd-wmv-convertor-denial-of-service	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:alloksoft:wmv_to_avi_mpeg_dvd_wmv_convertor:4.6.1217:*:*:*:*:*:*:*

History

26 Feb 2026, 21:50

Type	Values Removed	Values Added
References	~~() https://web.archive.org/web/20190108145533/https://www.alloksoft.com/wmv.htm -~~	() https://web.archive.org/web/20190108145533/https://www.alloksoft.com/wmv.htm - Product
References	~~() https://www.alloksoft.com/ -~~	() https://www.alloksoft.com/ - Not Applicable, Technical Description
References	~~() https://www.exploit-db.com/exploits/47563 -~~	() https://www.exploit-db.com/exploits/47563 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/wmv-to-avi-mpeg-dvd-wmv-convertor-denial-of-service -~~	() https://www.vulncheck.com/advisories/wmv-to-avi-mpeg-dvd-wmv-convertor-denial-of-service - Third Party Advisory
CPE		cpe:2.3:a:alloksoft:wmv_to_avi_mpeg_dvd_wmv_convertor:4.6.1217:::::::*
First Time		Alloksoft Alloksoft wmv To Avi Mpeg Dvd Wmv Convertor
Summary		(es) WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contiene una vulnerabilidad de desbordamiento de búfer que permite a los atacantes bloquear la aplicación al proporcionar una entrada de licencia sobredimensionada. Los atacantes pueden generar una carga útil de 6000 bytes y pegarla en el campo 'License Name and License Code' para provocar un bloqueo de la aplicación.

18 Feb 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 22:16

Updated : 2026-02-26 21:50

NVD link : CVE-2019-25363

Mitre link : CVE-2019-25363

CVE.ORG link : CVE-2019-25363

JSON object : View

Products Affected

alloksoft

wmv_to_avi_mpeg_dvd_wmv_convertor

CWE

CWE-121

Stack-based Buffer Overflow

7.5 /10