CVE-2019-25645

Summary

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.

Affected Software

VendorProductVersion RangeStatus
WinaviWinAVI iPod/3GP/MP4/PSP Converter4.4.2affected

Weaknesses

  • CWE-226: Sensitive Information in Resource Not Removed Before Reuse

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References