CVE-2019-25565
Buffer Overflow in Magic Iso Maker 5.5 Causes DoS Crash
Publication date: 2026-03-21
Last updated on: 2026-04-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| magiciso | magic_iso_maker | 5.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25565 is a buffer overflow vulnerability in Magic Iso Maker version 5.5 build 281. It occurs in the Serial Code registration field, where the application does not properly handle an excessively large input.
Local attackers can exploit this by submitting a specially crafted input containing 5000 bytes of data into the Serial Code field during registration. This causes a buffer overflow that crashes the application, resulting in a denial of service.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the Magic Iso Maker application to crash when an attacker submits an oversized input in the Serial Code registration field.
The primary impact is a denial of service (DoS), which disrupts the availability of the application and prevents legitimate users from using it.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the buffer overflow condition in the Magic Iso Maker 5.5 (build 281) application. A proof-of-concept exploit involves generating a file containing 5000 'A' characters and pasting its contents into the Serial Code registration field to see if the application crashes."}, {'type': 'list_item', 'content': "Run the provided Python script (MagicIso.py) to create a file named 'MagicIso.txt' containing the overflow payload."}, {'type': 'list_item', 'content': "Copy the contents of 'MagicIso.txt' to the clipboard."}, {'type': 'list_item', 'content': 'Launch MagicISO.exe and navigate to the registration section.'}, {'type': 'list_item', 'content': "Enter any username (e.g., 'Anonymous')."}, {'type': 'list_item', 'content': 'Paste the clipboard contents into the Serial Code field.'}, {'type': 'list_item', 'content': "Click the 'Register!' button and observe if the application crashes, indicating the vulnerability."}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable Magic Iso Maker 5.5 (build 281) application or refraining from entering oversized input in the Serial Code registration field.
Since the vulnerability requires local access and input of an oversized serial code, restricting access to the application and educating users not to paste large or suspicious data into the Serial Code field can help prevent exploitation.
If possible, update to a patched or newer version of the software where this vulnerability is fixed.