Description
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.
Published: 2026-03-22
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

DVDXPlayer Pro 5.5 is susceptible to a local buffer overflow that exploits structured exception handling. A maliciously crafted .plf playlist file containing shellcode and a NOP sled can overflow an internal buffer and hijack the SEH chain, allowing the attacker to run arbitrary code with the privileges of the application. The flaw is a classic out‑of‑bounds write, documented as CWE‑787, and permits full code execution on the host system.

Affected Systems

The vulnerability affects the DVDXPlayer Pro 5.5 software, distributed by Dvd‑X‑Player. Users running this version of the media player are at risk when they open or process .plf files from untrusted sources.

Risk and Exploitability

The CVSS vector scores the flaw as high severity (8.6), indicating significant impact. No EPSS score is available, but the local nature of the exploit means it can be triggered by a user who can place a crafted playlist file on the system. The vulnerability is not listed in the CISA KEV catalog, suggesting that known exploitation is not yet documented. Attackers would need to persuade a user to open a malicious file or run the application with such a file already present.

Generated by OpenCVE AI on March 22, 2026 at 14:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade DVDXPlayer Pro to the latest version or apply the vendor’s security patch if available.
  • Avoid opening or loading .plf files from untrusted or unknown sources until a patch is installed.
  • If upgrading is not possible, restrict application execution privileges or run the software in a sandboxed environment to limit potential damage.



Advisories

No advisories yet.

History

Mon, 23 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dvd-x-player; Dvd-x-player dvd X Player
Vendors & Products | | Dvd-x-player; Dvd-x-player dvd X Player

Sun, 22 Mar 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.
Title | | DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:58:14.462Z

Reserved: 2026-03-22T13:05:40.855Z

Link: CVE-2019-25604

Vulnrichment

Updated: 2026-03-23T15:56:00.644Z

NVD

Status: Awaiting Analysis

Published: 2026-03-22T14:16:28.083

Modified: 2026-03-23T14:31:37.267

Link: CVE-2019-25604

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:46:12Z

Weaknesses