Cyber Resilience

CVE-2019-25363

High · Public PoC

Published: 18 February 2026

Modified: 26 February 2026
CVSS Score v4: 8.4
CVSS v4 vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0037 (29.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25363 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in Alloksoft Wmv To Avi Mpeg Dvd Wmv Convertor. Its CVSS v4 base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 29.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2019-25363 is a buffer overflow vulnerability (CWE-121) in WMV to AVI MPEG DVD WMV Convertor version 4.6.1217. The flaw occurs when the application processes an oversized input in the 'License Name and License Code' field, leading to a crash. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

An attacker can exploit this vulnerability by generating a 6000-byte payload and pasting it into the specified license field, triggering a denial-of-service condition that crashes the application. The CVSS v3.1 vector suggests it is exploitable remotely over a network with low complexity, requiring no privileges or user interaction beyond the input mechanism. The CVSS v4 vector published for this CVE differs: it rates the attack vector as local (AV:L) with active user interaction (UI:A).

Advisories from VulnCheck detail the denial-of-service nature of the vulnerability, while Exploit-DB (exploit 47563) provides a proof-of-concept demonstrating the crash with the oversized payload. Vendor sites, including the archived product page on alloksoft.com, offer no specific patch or mitigation guidance in the available references.


Vulnerability details

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.


Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The oversized input in the license field directly triggers an application crash, which matches Application or System Exploitation for DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25362 · Same product: Alloksoft Wmv To Avi Mpeg Dvd Wmv Convertor
CVE-2025-70304 · Shared CWE-121
CVE-2025-67432 · Shared CWE-121
CVE-2020-37122 · Shared CWE-121
CVE-2019-25434 · Shared CWE-121
CVE-2025-70252 · Shared CWE-121
CVE-2019-25328 · Shared CWE-121
CVE-2020-37177 · Shared CWE-121
CVE-2019-25341 · Shared CWE-121
CVE-2025-57085 · Shared CWE-121

Affected Assets

alloksoft
wmv to avi mpeg dvd wmv convertor
4.6.1217

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

prevent · Directly prevents the buffer overflow by validating the size and format of oversized license inputs before processing.

prevent · Ensures timely remediation of the specific buffer overflow flaw in WMV Convertor version 4.6.1217 via patches or upgrades.

prevent · Implements memory safeguards like stack canaries and DEP to mitigate the impact of buffer overflows attempting to corrupt memory and crash the application.
