{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25604", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T13:05:40.855Z", "datePublished": "2026-03-22T13:38:39.835Z", "dateUpdated": "2026-03-23T15:58:14.462Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:39.835Z"}, "datePublic": "2019-03-06T00:00:00.000Z", "title": "DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH", "descriptions": [{"lang": "en", "value": "DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Dvd-X-Player", "product": "DVDXPlayer", "versions": [{"version": "5.5 Pro", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46962", "name": "ExploitDB-46962", "tags": ["exploit"]}, {"url": "http://www.dvd-x-player.com/download.html#dvdPlayer", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/dvdxplayer-pro-local-buffer-overflow-with-seh"}], "credits": [{"lang": "en", "value": "Kevin Randall", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:55:28.551355Z", "id": "CVE-2019-25604", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:58:14.462Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH", "credits": [{"lang": "en", "type": "finder", "value": "Kevin Randall"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Dvd-X-Player", "product": "DVDXPlayer", "versions": [{"status": "affected", "version": "5.5 Pro"}]}], "datePublic": "2019-03-06T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46962", "name": "ExploitDB-46962", "tags": ["exploit"]}, {"url": "http://www.dvd-x-player.com/download.html#dvdPlayer", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/dvdxplayer-pro-local-buffer-overflow-with-seh", "name": "VulnCheck Advisory: DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:39.835Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25604", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T15:55:28.551355Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-23T15:56:00.644Z"}}]}, "cveMetadata": {"cveId": "CVE-2019-25604", "state": "PUBLISHED", "dateUpdated": "2026-03-22T13:38:39.835Z", "dateReserved": "2026-03-22T13:05:40.855Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:39.835Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges."}, {"lang": "es", "value": "DVDXPlayer Pro 5.5 contiene una vulnerabilidad de desbordamiento de b\u00fafer local con manejo estructurado de excepciones que permite a atacantes locales ejecutar c\u00f3digo arbitrario mediante la creaci\u00f3n de archivos de lista de reproducci\u00f3n maliciosos. Los atacantes pueden crear un archivo .plf especialmente dise\u00f1ado que contenga shellcode y NOP sleds que desborda un b\u00fafer y secuestra la cadena SEH para ejecutar c\u00f3digo arbitrario con privilegios de aplicaci\u00f3n."}], "id": "CVE-2019-25604", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:28.083", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.dvd-x-player.com/download.html#dvdPlayer"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46962"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/dvdxplayer-pro-local-buffer-overflow-with-seh"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.5 Pro"}}], "enrichment": {"confidence": 96.0, "confidence_source": "matching", "scores": [{"score": 96.0, "source": "matching"}]}, "original": {"product": "DVDXPlayer", "source": "cna", "vendor": "Dvd-X-Player"}, "product": "dvd_x_player", "vendor": "dvd-x-player"}], "analysis": {"en": {"generated_at": "2026-03-22T14:40:34.127918+00:00", "value": {"mitigation_remediation": ["Upgrade DVDXPlayer Pro to the latest version or apply the vendor\u2019s security patch if available.", "Avoid opening or loading .plf files from untrusted or unknown sources until a patch is installed.", "If upgrading is not possible, restrict application execution privileges or run the software in a sandboxed environment to limit potential damage."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the DVDXPlayer Pro 5.5 software, distributed by Dvd\u2011X\u2011Player. Users running this version of the media player are at risk when they open or process .plf files from untrusted sources.", "description_and_impact": "DVDXPlayer Pro 5.5 is susceptible to a local buffer overflow that exploits structured exception handling. A maliciously crafted .plf playlist file containing shellcode and a NOP sled can overflow an internal buffer and hijack the SEH chain, allowing the attacker to run arbitrary code with the privileges of the application. The flaw is a classic out\u2011of\u2011bounds write, documented as CWE\u2011787, and permits full code execution on the host system.", "risk_and_exploitability": "The CVSS vector scores the flaw as high severity (8.6), indicating significant impact. No EPSS score is available, but the local nature of the exploit means it can be triggered by a user who can place a crafted playlist file on the system. The vulnerability is not listed in the CISA KEV catalog, suggesting that known exploitation is not yet documented. Attackers would need to persuade a user to open a malicious file or run the application with such a file already present."}}}}, "created": "2026-03-23T09:46:15.797513+00:00", "updated": "2026-03-25T14:46:12.668799+00:00", "vendors": ["dvd-x-player", "dvd-x-player$PRODUCT$dvd_x_player"]}