CVE-2019-25363
Published: 18 February 2026
Summary
CVE-2019-25363 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Alloksoft Wmv To Avi Mpeg Dvd Wmv Convertor. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 13.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
NVD Description
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and…
more
License Code' field to trigger an application crash.
Deeper analysisAI
CVE-2019-25363 is a buffer overflow vulnerability (CWE-121) in WMV to AVI MPEG DVD WMV Convertor version 4.6.1217. The flaw occurs when the application processes an oversized input in the 'License Name and License Code' field, leading to a crash. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.
An attacker can exploit this vulnerability by generating a 6000-byte payload and pasting it into the specified license field, triggering a denial-of-service condition that crashes the application. The CVSS vector suggests it is exploitable remotely over a network with low complexity, requiring no privileges or user interaction beyond the input mechanism.
Advisories from Vulncheck detail the denial-of-service nature of the vulnerability, while Exploit-DB (exploit 47563) provides a proof-of-concept demonstrating the crash with the oversized payload. Vendor sites, including the archived product page on alloksoft.com, offer no specific patch or mitigation guidance in the available references.
Details
- CWE(s)