{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25644", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-24T11:06:06.066Z", "datePublished": "2026-03-24T11:27:15.093Z", "dateUpdated": "2026-03-26T12:42:09.635Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-24T11:27:15.093Z"}, "datePublic": "2019-03-15T00:00:00.000Z", "title": "WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service", "descriptions": [{"lang": "en", "value": "WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Winmpg", "product": "WinMPG Video Convert Local Dos Exploit", "versions": [{"version": "9.3.5", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46553", "name": "ExploitDB-46553", "tags": ["exploit"]}, {"url": "http://www.winmpg.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.winmpg.com/down/WinMPG_VideoConvert.zip", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/winmpg-video-convert-buffer-overflow-local-denial-of-service"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T12:40:50.292579Z", "id": "CVE-2019-25644", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T12:42:09.635Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25644", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T12:40:50.292579Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T12:42:03.384Z"}}], "cna": {"title": "WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service", "credits": [{"lang": "en", "type": "finder", "value": "Achilles"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Winmpg", "product": "WinMPG Video Convert Local Dos Exploit", "versions": [{"status": "affected", "version": "9.3.5"}]}], "datePublic": "2019-03-15T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46553", "name": "ExploitDB-46553", "tags": ["exploit"]}, {"url": "http://www.winmpg.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.winmpg.com/down/WinMPG_VideoConvert.zip", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/winmpg-video-convert-buffer-overflow-local-denial-of-service", "name": "VulnCheck Advisory: WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-24T11:27:15.093Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25644", "state": "PUBLISHED", "dateUpdated": "2026-03-26T12:42:09.635Z", "dateReserved": "2026-03-24T11:06:06.066Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-24T11:27:15.093Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition."}], "id": "CVE-2019-25644", "lastModified": "2026-03-24T15:53:48.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-24T12:16:06.840", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.winmpg.com"}, {"source": "disclosure@vulncheck.com", "url": "http://www.winmpg.com/down/WinMPG_VideoConvert.zip"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46553"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/winmpg-video-convert-buffer-overflow-local-denial-of-service"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.3.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WinMPG Video Convert Local Dos Exploit", "source": "cna", "vendor": "Winmpg"}, "product": "winmpg_video_convert_local_dos_exploit", "vendor": "winmpg"}], "analysis": {"en": {"generated_at": "2026-03-24T12:21:30.599845+00:00", "value": {"mitigation_remediation": ["Obtain and install the latest official update or fix from Winmpg for WinMPG Video Convert, or upgrade to a version that no longer contains this flaw.", "If no update is available, remove or disable the application from systems where it is not essential to reduce the risk of local denial of service.", "Implement user\u2011access controls to limit who can run the application or interact with its registration dialog, thereby reducing the opportunity for exploitation."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The issue affects WinMPG Video Convert 9.3.5 and all earlier releases shipped by Winmpg. No remote systems are dedicated; any local user who can launch or interact with the registration dialog is potentially able to trigger the crash on the affected machine. The vulnerability is confined to the Windows desktop environment where the application runs.", "description_and_impact": "A buffer overflow exists in the registration dialog of WinMPG Video Convert version 9.3.5 and earlier. When a local attacker supplies an oversized input of about 6000 bytes into the Name and Registration Code fields, the application crashes, leading to a denial of service. This vulnerability falls under CWE\u2011787 \u2013 Buffer Dependent Memory Leak/Overrun and does not provide any remote code execution or privilege escalation. It simply stops the application from functioning until restarted.", "risk_and_exploitability": "With a CVSS base score of 6.9, the vulnerability is considered moderate severity. The EPSS score is not available, but because it requires local user interaction, the likelihood of exploitation depends on whether an attacker can accomplish the input overflow on a user\u2019s machine. It is not listed in the CISA KEV catalog, and no known public exploit code currently exists. Nonetheless, the exploitation path is simple \u2013 a local attacker can paste a crafted string into the dialog to crash the software, so it should be treated as a high priority for patching in environments that rely on uninterrupted video conversion."}}}}, "created": "2026-03-25T11:48:29.096235+00:00", "updated": "2026-03-25T20:39:27.775400+00:00", "vendors": ["winmpg", "winmpg$PRODUCT$winmpg_video_convert_local_dos_exploit"]}