Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-25645

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-24 Mar, 2026 | 11:27
Updated At-24 Mar, 2026 | 13:00
Rejected At-
Credits

WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:24 Mar, 2026 | 11:27
Updated At:24 Mar, 2026 | 13:00
Rejected At:
▼CVE Numbering Authority (CNA)
WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.

Affected Products
Vendor
Winavi
Product
WinAVI iPod/3GP/MP4/PSP Converter
Versions
Affected
  • 4.4.2
Problem Types
TypeCWE IDDescription
CWECWE-226Sensitive Information in Resource Not Removed Before Reuse
Type: CWE
CWE ID: CWE-226
Description: Sensitive Information in Resource Not Removed Before Reuse
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Achilles
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/46554
exploit
http://www.winavi.com
product
http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe
product
https://www.vulncheck.com/advisories/winavi-ipod-3gp-mp4-psp-converter-denial-of-service
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/46554
Resource:
exploit
Hyperlink: http://www.winavi.com
Resource:
product
Hyperlink: http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/winavi-ipod-3gp-mp4-psp-converter-denial-of-service
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:24 Mar, 2026 | 12:16
Updated At:24 Mar, 2026 | 15:53

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-226Primarydisclosure@vulncheck.com
CWE ID: CWE-226
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.winavi.comdisclosure@vulncheck.com
N/A
http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exedisclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/46554disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/winavi-ipod-3gp-mp4-psp-converter-denial-of-servicedisclosure@vulncheck.com
N/A
Hyperlink: http://www.winavi.com
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/46554
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/winavi-ipod-3gp-mp4-psp-converter-denial-of-service
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2019-25553
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:46
Updated-10 Apr, 2026 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image

CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.

Action-Not Available
Vendor-ceweCewe-Photoworld
Product-photo_importerCEWE PHOTO IMPORTER
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2019-25571
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.74%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:47
Updated-24 Mar, 2026 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MediaMonkey 4.1.23 Denial of Service via Malformed URL

MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.

Action-Not Available
Vendor-ventismediaMediamonkey
Product-mediamonkeyMediaMonkey
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2019-25617
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.10%
||
7 Day CHG~0.00%
Published-22 Mar, 2026 | 13:38
Updated-16 Apr, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ease Audio Converter 5.30 Denial of Service via Audio Cutter

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash.

Action-Not Available
Vendor-Audiotool
Product-Ease Audio Converter
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2019-25563
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.74%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:47
Updated-24 Mar, 2026 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash.

Action-Not Available
Vendor-uvncUvnc
Product-pchelpwarev2PCHelpWareV2
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
Details not found