{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25645", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-24T11:06:14.608Z", "datePublished": "2026-03-24T11:27:15.914Z", "dateUpdated": "2026-03-24T13:00:53.933Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-24T11:27:15.914Z"}, "datePublic": "2019-03-16T00:00:00.000Z", "title": "WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service", "descriptions": [{"lang": "en", "value": "WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Sensitive Information in Resource Not Removed Before Reuse", "cweId": "CWE-226", "type": "CWE"}]}], "affected": [{"vendor": "Winavi", "product": "WinAVI iPod/3GP/MP4/PSP Converter", "versions": [{"version": "4.4.2", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46554", "name": "ExploitDB-46554", "tags": ["exploit"]}, {"url": "http://www.winavi.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/winavi-ipod-3gp-mp4-psp-converter-denial-of-service"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T12:56:51.618896Z", "id": "CVE-2019-25645", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:00:53.933Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25645", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-24T11:06:14.608Z", "datePublished": "2026-03-24T11:27:15.914Z", "dateUpdated": "2026-03-24T13:00:53.933Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-24T11:27:15.914Z"}, "datePublic": "2019-03-16T00:00:00.000Z", "title": "WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service", "descriptions": [{"lang": "en", "value": "WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Sensitive Information in Resource Not Removed Before Reuse", "cweId": "CWE-226", "type": "CWE"}]}], "affected": [{"vendor": "Winavi", "product": "WinAVI iPod/3GP/MP4/PSP Converter", "versions": [{"version": "4.4.2", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46554", "name": "ExploitDB-46554", "tags": ["exploit"]}, {"url": "http://www.winavi.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/winavi-ipod-3gp-mp4-psp-converter-denial-of-service"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25645", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T12:56:51.618896Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T12:58:58.432Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash."}], "id": "CVE-2019-25645", "lastModified": "2026-03-24T15:53:48.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-24T12:16:07.030", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.winavi.com"}, {"source": "disclosure@vulncheck.com", "url": "http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46554"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/winavi-ipod-3gp-mp4-psp-converter-denial-of-service"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-226"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.4.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WinAVI iPod/3GP/MP4/PSP Converter", "source": "cna", "vendor": "Winavi"}, "product": "winavi_ipod/3gp/mp4/psp_converter", "vendor": "winavi"}], "analysis": {"en": {"generated_at": "2026-03-24T12:21:09.079800+00:00", "value": {"mitigation_remediation": ["Check for and install any available update or newer version of WinAVI iPod/3GP/MP4/PSP Converter from the vendor. If no patch is available, avoid using the Convert to iPhone function with untrusted AVI files, limiting the conversion to files from trusted sources. If the conversion feature is not required, consider uninstalling or disabling the WinAVI converter. Monitor the application for unexpected crashes during use and report them to the vendor for further analysis."], "summary": {"action": "Patch", "impact": "Denial of Service via local file exploitation"}, "threat_synthesis": {"affected_systems": "WinAVI \u2013 WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 is affected. Attackers must have local access and the ability to launch the application to exploit the flaw.", "description_and_impact": "The vulnerability allows a local attacker to craft a malformed AVI file with an oversized buffer. When the file is loaded through the Convert to iPhone function, the application crashes, causing a denial of service. The weakness corresponds to a buffer overflow scenario (CWE-226).", "risk_and_exploitability": "The CVSS score of 6.9 indicates a medium severity. No exploit probability is available and the flaw is not listed in CISA\u2019s KEV catalog. The flaw is exploitable only from the local machine; an attacker must supply a crafted AVI file to the application. Once executed, the crash interrupts the user\u2019s workflow but does not grant code execution or remote access."}}}}, "created": "2026-03-25T11:48:28.138265+00:00", "updated": "2026-03-25T20:39:26.854891+00:00", "vendors": ["winavi", "winavi$PRODUCT$winavi_ipod/3gp/mp4/psp_converter"]}