Description
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
Published: 2026-03-26
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: local code execution
Action: Immediate Patch
AI Analysis

Impact

Allok Video Splitter version 3.1.1217 suffers from a stack-based buffer overflow triggered when a user supplies an oversized string in the License Name field and presses the Register button. The overflow occurs when the input exceeds 780 bytes, potentially allowing a local attacker to crash the application or execute arbitrary code through crafted input. This weakness corresponds to CWE‑787.

Affected Systems

This vulnerability impacts Alloksoft’s Video Splitter product at version 3.1.1217, as identified by the CPE entry. The flaw resides in the registration form of this application and is specific to the specified version. No other products are listed as affected in the available CNA data.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity level, while the EPSS score of less than 1% suggests limited current exploitation activity. It is not present in the CISA KEV catalog. The attack vector is local; a user must have local access to the machine running the application in order to provide the malicious License Name payload. While no public exploit code is cited in the references, the potential for arbitrary code execution warrants immediate attention.

Generated by OpenCVE AI on March 27, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an official patch from Alloksoft for Video Splitter 3.1.1217 or a newer released version if available.
  • If no patch is available, uninstall or disable the application to eliminate the local exploitation surface.
  • Restrict execution of the software to authorized users only and monitor for abnormal crashes or suspicious activity.

Generated by OpenCVE AI on March 27, 2026 at 19:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Alloksoft video Splitter
CPEs cpe:2.3:a:alloksoft:video_splitter:3.1.1217:*:*:*:*:*:*:*
Vendors & Products Alloksoft video Splitter

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Alloksoft
Alloksoft splitter
Vendors & Products Alloksoft
Alloksoft splitter

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
Title Allok Video Splitter 3.1.1217 Buffer Overflow via License Name
First Time appeared Divx
Divx mkv Splitter
Weaknesses CWE-787
CPEs cpe:2.3:a:divx:mkv_splitter:3.1.1217:*:*:*:*:*:*:*
Vendors & Products Divx
Divx mkv Splitter
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Alloksoft Splitter Video Splitter
Divx Mkv Splitter
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T13:57:48.223Z

Reserved: 2026-03-26T13:13:31.144Z

Link: CVE-2018-25211

cve-icon Vulnrichment

Updated: 2026-03-26T13:57:42.808Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T14:16:04.057

Modified: 2026-03-27T18:27:58.370

Link: CVE-2018-25211

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:26:13Z

Weaknesses