CVE-2019-25648

MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and Paste Registration Code' field to trigger a denial of service condition.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.ivideogo.com/
https://www.exploit-db.com/exploits/46309
https://www.vulncheck.com/advisories/myvideoconverter-pro-denial-of-service-buffer-overflow

Configurations

No configuration.

History

01 May 2026, 15:23

Type	Values Removed	Values Added
Summary		(es) MyVideoConverter Pro 3.14 contiene una vulnerabilidad local de desbordamiento de búfer que permite a los atacantes bloquear la aplicación al proporcionar una cadena excesivamente larga al campo de entrada del código de registro. Los atacantes pueden pegar una carga útil maliciosa que contenga 10000 bytes en el campo 'Copy and Paste Registration Code' para desencadenar una condición de denegación de servicio.

26 Mar 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-26 14:16

Updated : 2026-05-01 15:23

NVD link : CVE-2019-25648

Mitre link : CVE-2019-25648

CVE.ORG link : CVE-2019-25648

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-25648", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-26T14:16:06.273", "references": [{"url": "http://www.ivideogo.com/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46309", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/myvideoconverter-pro-denial-of-service-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and Paste Registration Code' field to trigger a denial of service condition."}, {"lang": "es", "value": "MyVideoConverter Pro 3.14 contiene una vulnerabilidad local de desbordamiento de b\u00fafer que permite a los atacantes bloquear la aplicaci\u00f3n al proporcionar una cadena excesivamente larga al campo de entrada del c\u00f3digo de registro. Los atacantes pueden pegar una carga \u00fatil maliciosa que contenga 10000 bytes en el campo 'Copy and Paste Registration Code' para desencadenar una condici\u00f3n de denegaci\u00f3n de servicio."}], "lastModified": "2026-05-01T15:23:27.150", "sourceIdentifier": "disclosure@vulncheck.com"}