CVE-2019-25648
Buffer Overflow in MyVideoConverter Pro 3.14 Causes DoS
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| myvideoconverter | myvideoconverter_pro | 3.14 |
| myvideoconverter | pro | to 3.14 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in MyVideoConverter Pro 3.14 is a local buffer overflow that causes a denial of service by crashing the application when an excessively long registration code string is supplied.
There is no information provided about any impact on data confidentiality, integrity, or privacy that would directly relate to compliance with standards such as GDPR or HIPAA.
Since the vulnerability results in availability impact only (denial of service) and does not disclose or alter sensitive data, its effect on compliance with regulations like GDPR or HIPAA is not specified or evident from the provided information.
Can you explain this vulnerability to me?
CVE-2019-25648 is a local buffer overflow vulnerability found in MyVideoConverter Pro version 3.14 and earlier. It occurs when the application improperly handles input in the registration code field.
An attacker can supply an excessively long string (specifically a payload of 10,000 bytes) into the 'Copy and Paste Registration Code' input field. This causes an out-of-bounds write that leads to a buffer overflow.
As a result, the application crashes, triggering a denial of service (DoS) condition.
How can this vulnerability impact me?
This vulnerability can cause MyVideoConverter Pro to crash when an attacker inputs a maliciously long registration code string.
The impact is a denial of service (DoS), meaning the application becomes unavailable or unusable until restarted.
Since the attack requires local access and no privileges or user interaction, an attacker with local access can disrupt the application's availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the buffer overflow condition locally on the affected application, MyVideoConverter Pro 3.14, by supplying an excessively long string (10,000 bytes) to the 'Copy and Paste Registration Code' input field.
A practical detection method involves using a proof-of-concept script that generates a payload of 10,000 'A' characters, copying it to the clipboard, and pasting it into the registration code field to observe if the application crashes.
No specific network commands are applicable since this is a local vulnerability triggered by user input on the application itself.
- Use the provided Python script from ExploitDB (Resource 2) to generate the payload: a string of 10,000 'A's.
- Copy the generated payload to the clipboard.
- Paste the payload into the 'Copy and Paste Registration Code' field in MyVideoConverter Pro 3.14.
- Click 'OK' and observe if the application crashes, indicating the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid supplying excessively long strings (such as 10,000 bytes) to the registration code input field in MyVideoConverter Pro 3.14.
Since the vulnerability is local and triggered by user input, restricting or monitoring input length in the application can help prevent exploitation.
If possible, update to a newer version of the software where this vulnerability is fixed or contact the vendor for patches or mitigations.
As a temporary workaround, limit user access to the registration code input or avoid using the vulnerable version of the software.
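The input-length restriction mentioned above, sketched in C as an added example; this is not MyVideoConverter Pro's code, which the page does not show. The buffer size `REG_CODE_MAX`, the accepted character set and all function and type names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REG_CODE_MAX 64 /* assumed limit; the real field size is not on the page */

enum reg_status { REG_OK, REG_NULL, REG_EMPTY, REG_TOO_LONG, REG_BAD_CHAR };
struct registration { char code[REG_CODE_MAX + 1]; };  /* fixed buffer */

/* CWE-787 pattern, for contrast only: strcpy(reg->code, input) writes past
 * code[] as soon as input is longer than REG_CODE_MAX bytes. */

/* Hardened form: bound the length scan, validate, then copy a known size. */
enum reg_status set_registration_code(struct registration *reg,
                                      const char *input, size_t input_cap)
{
    if (reg == NULL || input == NULL)
        return REG_NULL;

    /* Length without reading past input_cap (input may lack a NUL). */
    const char *nul = memchr(input, '\0', input_cap);
    size_t len = nul ? (size_t)(nul - input) : input_cap;
    if (len == 0)
        return REG_EMPTY;
    if (len > REG_CODE_MAX)
        return REG_TOO_LONG;   /* reject instead of truncating silently */

    /* Assumed code alphabet: ASCII letters, digits and '-'. */
    for (size_t i = 0; i < len; i++) {
        char c = input[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9') || c == '-'))
            return REG_BAD_CHAR;
    }
    memcpy(reg->code, input, len);
    reg->code[len] = '\0';
    return REG_OK;
}

int main(void)
{
    static char pasted[10001];            /* constructed: 10,000 'A' bytes */
    struct registration reg = { "" };
    memset(pasted, 'A', 10000);
    printf("10,000-byte paste -> status %d\n",
           set_registration_code(&reg, pasted, sizeof pasted));
    printf("short code -> status %d\n",
           set_registration_code(&reg, "ABCD-1234", 10));
    return 0;
}
```

The oversized paste is rejected with `REG_TOO_LONG` before any byte is copied, so the destination buffer is never written out of bounds.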