CVE-2019-25606
Buffer Overflow in Fast AVI MPEG Joiner Causes DoS
Publication date: 2026-03-22
Last updated on: 2026-03-22
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fast_avi_mpeg_joiner | fast_avi_mpeg_joiner | 1.2.0812 |
| alloksoft | fast_avi_mpeg_joiner | 1.2.0812 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25606 is a buffer overflow vulnerability in Fast AVI MPEG Joiner version 1.2.0812. It occurs when a local attacker supplies an oversized payload (specifically, a malicious text file containing 6000 bytes of data) into the License Name input field. When the Register button is clicked after pasting this large input, the application crashes, causing a denial of service.
This vulnerability is classified under CWE-787 (Out-of-bounds Write) and requires local access with user interaction to trigger the crash.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service condition. An attacker with local access can crash the Fast AVI MPEG Joiner application by supplying an oversized input in the License Name field, causing the program to become unavailable.
There is no indication that this vulnerability leads to confidentiality or integrity loss, but it results in high availability impact by crashing the software.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition on the Fast AVI MPEG Joiner application. Specifically, a test involves creating a malicious text file containing 6000 bytes of data and pasting it into the License Name input field.

The detection steps include:

- Create a file named "Evil.txt" containing 6000 'A' characters.
- Open the file and copy its contents to the clipboard.
- Launch Fast AVI MPEG Joiner version 1.2.0812.
- Paste the clipboard contents into the License Name field.
- Click the Register button and observe if the application crashes.

There are no specific network commands to detect this vulnerability since it is triggered locally via the application interface. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the License Name field with oversized input to prevent triggering the buffer overflow.
Since the vulnerability requires local user interaction and input of a large payload, restricting access to the application and educating users not to paste large or suspicious data into the License Name field can reduce risk.
Additionally, consider updating or patching the software if a fixed version is available from the vendor.