CVE-2019-25363
Published: 18 February 2026
Summary
CVE-2019-25363 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Alloksoft Wmv To Avi Mpeg Dvd Wmv Convertor. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 29.1 percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2019-25363 is a buffer overflow vulnerability (CWE-121) in WMV to AVI MPEG DVD WMV Convertor version 4.6.1217. The flaw occurs when the application processes an oversized input in the 'License Name and License Code' field, leading to a crash. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.
An attacker can exploit this vulnerability by generating a 6000-byte payload and pasting it into the specified license field, triggering a denial-of-service condition that crashes the application. The CVSS vector suggests it is exploitable remotely over a network with low complexity, requiring no privileges or user interaction beyond the input mechanism.
Advisories from VulnCheck detail the denial-of-service nature of the vulnerability, while Exploit-DB (exploit 47563) provides a proof-of-concept demonstrating the crash with the oversized payload. Vendor sites, including the archived product page on alloksoft.com, offer no specific patch or mitigation guidance in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19704
Vulnerability details
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The oversized input in the license field directly triggers an application crash, which matches Application or System Exploitation for DoS.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents the buffer overflow by validating the size and format of oversized license inputs before processing.
Ensures timely remediation of the specific buffer overflow flaw in WMV Convertor version 4.6.1217 via patches or upgrades.
Implements memory safeguards like stack canaries and DEP to mitigate the impact of buffer overflows attempting to corrupt memory and crash the application.
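The input-validation control described above comes down to a length and format check that runs before the license strings reach a fixed-size buffer. The following C code is an added example, not the vendor's code: the field limits, the accepted character sets and every function name are assumptions, since the product's source and real field sizes are not published.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Assumed limits and formats; the product's real ones are not published. */
#define NAME_MAX_LEN 64
#define CODE_MAX_LEN 32

enum lic_status { LIC_OK, LIC_NULL, LIC_EMPTY, LIC_TOO_LONG, LIC_BAD_CHAR };
struct license { char name[NAME_MAX_LEN + 1]; char code[CODE_MAX_LEN + 1]; };

/* Bounded scan: an oversized input is rejected before any byte is copied. */
static enum lic_status check_field(const char *in, size_t max, int is_code)
{
    if (in == NULL) return LIC_NULL;
    const char *end = memchr(in, '\0', max + 1);
    if (end == NULL) return LIC_TOO_LONG;   /* no terminator within max+1 bytes */
    if (end == in) return LIC_EMPTY;
    for (const char *p = in; p < end; p++) {
        unsigned char c = (unsigned char)*p;
        /* Assumed format: code is alphanumeric plus '-', name is printable. */
        if (is_code ? !(isalnum(c) || c == '-') : !isprint(c))
            return LIC_BAD_CHAR;
    }
    return LIC_OK;
}

/* Copies into the fixed-size struct only after both fields pass validation. */
enum lic_status license_store(struct license *out, const char *name, const char *code)
{
    enum lic_status s;
    if (out == NULL) return LIC_NULL;
    if ((s = check_field(name, NAME_MAX_LEN, 0)) != LIC_OK) return s;
    if ((s = check_field(code, CODE_MAX_LEN, 1)) != LIC_OK) return s;
    memcpy(out->name, name, strlen(name) + 1);
    memcpy(out->code, code, strlen(code) + 1);
    return LIC_OK;
}

/* Constructed input: a 6000-byte string, the size the advisory describes. */
enum lic_status demo_oversized(void)
{
    static char big[6001];          /* static storage: big[6000] stays '\0' */
    struct license lic;
    memset(big, 'A', 6000);
    return license_store(&lic, big, "ABCD-1234");
}

int main(void)
{
    printf("oversized license name -> status %d\n", demo_oversized());
    return 0;
}
```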