{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25606", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T13:13:52.738Z", "datePublished": "2026-03-22T13:38:41.151Z", "dateUpdated": "2026-03-24T15:14:37.862Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:41.151Z"}, "datePublic": "2019-05-24T00:00:00.000Z", "title": "Fast AVI MPEG Joiner 1.2.0812 Buffer Overflow Denial of Service", "descriptions": [{"lang": "en", "value": "Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Alloksoft", "product": "Fast AVI MPEG Joiner", "versions": [{"version": "1.2.0812", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46929", "name": "ExploitDB-46929", "tags": ["exploit"]}, {"url": "http://www.alloksoft.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.alloksoft.com/fast_avimpegjoiner.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Fast AVI MPEG Joiner 1.2.0812 Buffer Overflow Denial of Service", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/fast-avi-mpeg-joiner-buffer-overflow-denial-of-service"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:01:13.227747Z", "id": "CVE-2019-25606", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:14:37.862Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25606", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:01:13.227747Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:01:14.175Z"}}], "cna": {"title": "Fast AVI MPEG Joiner 1.2.0812 Buffer Overflow Denial of Service", "credits": [{"lang": "en", "type": "finder", "value": "Achilles"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Alloksoft", "product": "Fast AVI MPEG Joiner", "versions": [{"status": "affected", "version": "1.2.0812"}]}], "datePublic": "2019-05-24T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46929", "name": "ExploitDB-46929", "tags": ["exploit"]}, {"url": "http://www.alloksoft.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.alloksoft.com/fast_avimpegjoiner.exe", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/fast-avi-mpeg-joiner-buffer-overflow-denial-of-service", "name": "VulnCheck Advisory: Fast AVI MPEG Joiner 1.2.0812 Buffer Overflow Denial of Service", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:41.151Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25606", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:14:37.862Z", "dateReserved": "2026-03-22T13:13:52.738Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:41.151Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked."}, {"lang": "es", "value": "Fast AVI MPEG Joiner 1.2.0812 contiene una vulnerabilidad de desbordamiento de b\u00fafer que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una carga \u00fatil sobredimensionada en el campo License Name. Los atacantes pueden crear un archivo de texto malicioso que contenga 6000 bytes de datos y pegarlo en el campo de entrada License Name para desencadenar una condici\u00f3n de denegaci\u00f3n de servicio cuando se hace clic en el bot\u00f3n Register."}], "id": "CVE-2019-25606", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:28.433", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.alloksoft.com"}, {"source": "disclosure@vulncheck.com", "url": "http://www.alloksoft.com/fast_avimpegjoiner.exe"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46929"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/fast-avi-mpeg-joiner-buffer-overflow-denial-of-service"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.2.0812"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Fast AVI MPEG Joiner", "source": "cna", "vendor": "Alloksoft"}, "product": "fast_avi_mpeg_joiner", "vendor": "alloksoft"}], "analysis": {"en": {"generated_at": "2026-03-22T14:39:43.468093+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s security patch or upgrade to a non\u2011vulnerable release of Fast AVI MPEG Joiner if one exists.", "If no patch is available, consider uninstalling the software or restricting local access to the application to prevent attackers from creating or executing the malicious file.", "Monitor the application logs for crash events and enforce strict controls on the creation and placement of license text files in the system."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is Alloksoft Fast AVI MPEG Joiner version 1.2.0812, a Windows application. No other versions or vendors are listed in the CNA data. Users running this specific build are vulnerable unless updated or removed.", "description_and_impact": "Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow in the License Name field that can be triggered by providing an oversized payload of 6000 bytes in a text file. When the Register button is clicked, the application crashes, resulting in a denial of service. The vulnerability is classified as CWE-787, a buffer overflow that corrupts memory during input handling.", "risk_and_exploitability": "With a CVSS score of 6.8 the vulnerability is of medium\u2011to\u2011high severity. The attack requires local access to the machine and the ability to run the application and input a malicious license file, making it a local denial\u2011of\u2011service vector. No EPSS value is available and the issue is not listed in the CISA KEV catalog, suggesting lower current exploitation activity. Nevertheless, a compromised local user could interrupt service availability by triggering the crash."}}}}, "created": "2026-03-23T09:46:14.034791+00:00", "updated": "2026-03-25T14:46:10.404116+00:00", "vendors": ["alloksoft", "alloksoft$PRODUCT$fast_avi_mpeg_joiner"]}