CVE-2019-25554
Buffer Overflow in Tomabo MP4 Converter Causes Denial of Service
Publication date: 2026-03-21
Last updated on: 2026-04-16
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tomabo | mp4_converter | 3.25.22 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25554 is a denial of service vulnerability in Tomabo MP4 Converter version 3.25.22 and earlier. It occurs when a local attacker inputs an excessively long string into the "Name" field while adding a preset in the Video/Audio Formats options. This causes a buffer overflow (out-of-bounds write) that crashes the application when the "Reset All" button is clicked. [1, 3]
How can this vulnerability impact me?
This vulnerability can cause the Tomabo MP4 Converter application to crash, resulting in a denial of service. An attacker with local access can trigger this by supplying a large payload in the Name field, disrupting normal use of the software.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition locally on the system running Tomabo MP4 Converter version 3.25.22 or earlier. Specifically, a large payload (e.g., a string of 10,000 characters) can be pasted into the 'Name' field when adding a preset in the Video/Audio Formats options. After pasting the payload, clicking 'OK' and then 'Reset All' will cause the application to crash if it is vulnerable.

There are no specific network detection commands since this is a local denial of service vulnerability triggered by user interaction within the application.

Suggested steps to test the vulnerability on the system:

1. Create a text file containing a large string payload, for example, 10,000 'A' characters.
2. Copy the contents of this file to the clipboard.
3. Open Tomabo MP4 Converter, navigate to Video/Audio Formats options, and add a new preset.
4. Paste the large payload into the 'Name' field.
5. Click 'OK' to save the preset, then click 'Reset All'. If the application crashes, the vulnerability is present.

[1, 3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid pasting or entering excessively long strings into the 'Name' field when adding presets in the Video/Audio Formats options of Tomabo MP4 Converter.

Since the vulnerability requires local user interaction, restricting access to the application and limiting user permissions can reduce the risk.

Additionally, consider updating to a newer version of Tomabo MP4 Converter if available, as this vulnerability affects version 3.25.22 and earlier.

If an update is not available, monitor the application for crashes and avoid using the 'Reset All' function after adding presets with untrusted input. [1]