CVE-2019-25554

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.tomabo.com/	Product
https://www.exploit-db.com/exploits/46848	Exploit VDB Entry
https://www.vulncheck.com/advisories/tomabo-mp4-converter-denial-of-service-via-name-field	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tomabo:mp4_converter:3.25.22:*:*:*:*:*:*:*

History

16 Apr 2026, 17:54

Type	Values Removed	Values Added
Summary		(es) Tomabo MP4 Converter 3.25.22 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo Nombre. Los atacantes pueden desencadenar un desbordamiento de búfer al pegar una carga útil grande en el parámetro Nombre al añadir un preajuste en las opciones de Formatos de Video/Audio, lo que provoca que la aplicación falle cuando se hace clic en Restablecer todo.
First Time		Tomabo mp4 Converter Tomabo
References	~~() http://www.tomabo.com/ -~~	() http://www.tomabo.com/ - Product
References	~~() https://www.exploit-db.com/exploits/46848 -~~	() https://www.exploit-db.com/exploits/46848 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/tomabo-mp4-converter-denial-of-service-via-name-field -~~	() https://www.vulncheck.com/advisories/tomabo-mp4-converter-denial-of-service-via-name-field - Third Party Advisory
CPE		cpe:2.3:a:tomabo:mp4_converter:3.25.22:::::::*

21 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-21 13:16

Updated : 2026-04-16 17:54

NVD link : CVE-2019-25554

Mitre link : CVE-2019-25554

CVE.ORG link : CVE-2019-25554

JSON object : View

Products Affected

tomabo

mp4_converter

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-25554", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-21T13:16:17.857", "references": [{"url": "http://www.tomabo.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46848", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/tomabo-mp4-converter-denial-of-service-via-name-field", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked."}, {"lang": "es", "value": "Tomabo MP4 Converter 3.25.22 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una cadena excesivamente larga en el campo Nombre. Los atacantes pueden desencadenar un desbordamiento de b\u00fafer al pegar una carga \u00fatil grande en el par\u00e1metro Nombre al a\u00f1adir un preajuste en las opciones de Formatos de Video/Audio, lo que provoca que la aplicaci\u00f3n falle cuando se hace clic en Restablecer todo."}], "lastModified": "2026-04-16T17:54:13.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tomabo:mp4_converter:3.25.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2113DD5D-E014-4834-8483-962C37A45CA0"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}