CVE-2019-25645
Received Received - Intake
Buffer Overflow in WinAVI Converter Causes Local Denial of Service

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25645
EUVD
EUVD-2019-20029
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
winavi ipod_3gp_mp4_psp_converter 4.4.2
winavi ipod_3gp_mp4_psp_converter to 4.4.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-226 The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25645 is a denial of service vulnerability in WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2. It occurs when the application processes specially crafted malformed AVI files containing an oversized buffer.'}, {'type': 'paragraph', 'content': 'A local attacker can create such a malicious AVI file and load it through the "Convert to iPhone" function, causing the application to crash due to improper handling of input files and a resulting buffer overflow condition.'}] [1, 2]

Impact Analysis

This vulnerability can cause the WinAVI converter application to crash, resulting in a denial of service.

An attacker with local access can exploit this by loading a specially crafted AVI file, which disrupts the normal operation of the software.

There is no indication of remote exploitation, privilege escalation, or code execution; the impact is limited to application unavailability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the affected system. Specifically, a malicious AVI file with an oversized buffer can be generated and loaded into the WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 application using the "Convert to iPhone" function to see if the application crashes.'}, {'type': 'paragraph', 'content': 'A known method involves using a Python script to create a malicious file named "Evil.avi" containing a buffer of 6000 "A" characters. Running this script and then opening the file in the vulnerable application will trigger the crash if the vulnerability is present.'}, {'type': 'list_item', 'content': 'Run the Python script to generate the malicious AVI file (e.g., "Evil.avi").'}, {'type': 'list_item', 'content': 'Open WinAVI.exe.'}, {'type': 'list_item', 'content': 'Select the "Convert to iPhone" option.'}, {'type': 'list_item', 'content': 'Load the generated "Evil.avi" file.'}, {'type': 'paragraph', 'content': 'If the application crashes upon loading the file, the vulnerability is present.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, immediate steps include avoiding the use of the "Convert to iPhone" function with untrusted or unknown AVI files, especially those that could be malformed or crafted to exploit the buffer overflow.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local access, restricting user permissions and limiting access to the application can reduce the risk of exploitation.'}, {'type': 'paragraph', 'content': 'Additionally, consider updating the software if a patched version is available or replacing it with alternative software that does not have this vulnerability.'}] [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25645. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart