CVE-2019-25645 MEDIUM

CVE-2019-25645: WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service

Vendor Winavi
Product WinAVI iPod/3GP/MP4/PSP Converter
Weakness CWE-226
Published March 24, 2026
Last update March 24, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.

Key dates

02Disclosure timeline

March 24, 2026 CVE published
March 24, 2026 Record updated