CVE-2019-25606
Received Received - Intake
Buffer Overflow in Fast AVI MPEG Joiner Causes DoS

Publication date: 2026-03-22

Last updated on: 2026-03-22

Assigner: VulnCheck

Description
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-22
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25606
EUVD
EUVD-2019-19954
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
fast_avi_mpeg_joiner fast_avi_mpeg_joiner 1.2.0812
alloksoft fast_avi_mpeg_joiner 1.2.0812
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25606 is a buffer overflow vulnerability in Fast AVI MPEG Joiner version 1.2.0812. It occurs when a local attacker supplies an oversized payloadβ€”specifically, a malicious text file containing 6000 bytes of dataβ€”into the License Name input field. When the Register button is clicked after pasting this large input, the application crashes, causing a denial of service.

This vulnerability is classified under CWE-787 (Out-of-bounds Write) and requires local access with user interaction to trigger the crash.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition. An attacker with local access can crash the Fast AVI MPEG Joiner application by supplying an oversized input in the License Name field, causing the program to become unavailable.

There is no indication that this vulnerability leads to confidentiality or integrity loss, but it results in high availability impact by crashing the software.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on the Fast AVI MPEG Joiner application. Specifically, a test involves creating a malicious text file containing 6000 bytes of data and pasting it into the License Name input field.'}, {'type': 'paragraph', 'content': 'The detection steps include:'}, {'type': 'list_item', 'content': 'Create a file named "Evil.txt" containing 6000 \'A\' characters.'}, {'type': 'list_item', 'content': 'Open the file and copy its contents to the clipboard.'}, {'type': 'list_item', 'content': 'Launch Fast AVI MPEG Joiner version 1.2.0812.'}, {'type': 'list_item', 'content': 'Paste the clipboard contents into the License Name field.'}, {'type': 'list_item', 'content': 'Click the Register button and observe if the application crashes.'}, {'type': 'paragraph', 'content': 'There are no specific network commands to detect this vulnerability since it is triggered locally via the application interface.'}] [2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the License Name field with oversized input to prevent triggering the buffer overflow.

Since the vulnerability requires local user interaction and input of a large payload, restricting access to the application and educating users not to paste large or suspicious data into the License Name field can reduce risk.

Additionally, consider updating or patching the software if a fixed version is available from the vendor.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25606. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart