CVE-2019-25644

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.winmpg.com	Product
http://www.winmpg.com/down/WinMPG_VideoConvert.zip	Product
https://www.exploit-db.com/exploits/46553	Exploit VDB Entry
https://www.vulncheck.com/advisories/winmpg-video-convert-buffer-overflow-local-denial-of-service	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:direct-soft:winmpg_video_convert:*:*:*:*:*:*:*:*

History

21 Apr 2026, 16:39

Type	Values Removed	Values Added
First Time		Direct-soft Direct-soft winmpg Video Convert
CPE		cpe:2.3:a:direct-soft:winmpg_video_convert::::::::
Summary		(es) WinMPG Video Convert 9.3.5 y versiones anteriores contienen una vulnerabilidad de desbordamiento de búfer en el diálogo de registro que permite a atacantes locales bloquear la aplicación al proporcionar una entrada sobredimensionada. Los atacantes pueden pegar una carga útil grande de 6000 bytes en el campo Nombre y Código de Registro para desencadenar una condición de denegación de servicio.
References	~~() http://www.winmpg.com -~~	() http://www.winmpg.com - Product
References	~~() http://www.winmpg.com/down/WinMPG_VideoConvert.zip -~~	() http://www.winmpg.com/down/WinMPG_VideoConvert.zip - Product
References	~~() https://www.exploit-db.com/exploits/46553 -~~	() https://www.exploit-db.com/exploits/46553 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/winmpg-video-convert-buffer-overflow-local-denial-of-service -~~	() https://www.vulncheck.com/advisories/winmpg-video-convert-buffer-overflow-local-denial-of-service - Third Party Advisory

24 Mar 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-24 12:16

Updated : 2026-04-21 16:39

NVD link : CVE-2019-25644

Mitre link : CVE-2019-25644

CVE.ORG link : CVE-2019-25644

JSON object : View

Products Affected

direct-soft

winmpg_video_convert

CWE

CWE-787

Out-of-bounds Write

6.2 /10