Description
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked.
Published: 2026-03-22
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow in the License Name field that can be triggered by providing an oversized payload of 6000 bytes in a text file. When the Register button is clicked, the application crashes, resulting in a denial of service. The vulnerability is classified as CWE-787, a buffer overflow that corrupts memory during input handling.

Affected Systems

The affected product is Alloksoft Fast AVI MPEG Joiner version 1.2.0812, a Windows application. No other versions or vendors are listed in the CNA data. Users running this specific build are vulnerable unless updated or removed.

Risk and Exploitability

With a CVSS score of 6.8 the vulnerability is of medium‑to‑high severity. The attack requires local access to the machine and the ability to run the application and input a malicious license file, making it a local denial‑of‑service vector. No EPSS value is available and the issue is not listed in the CISA KEV catalog, suggesting lower current exploitation activity. Nevertheless, a compromised local user could interrupt service availability by triggering the crash.

Generated by OpenCVE AI on March 22, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s security patch or upgrade to a non‑vulnerable release of Fast AVI MPEG Joiner if one exists.
  • If no patch is available, consider uninstalling the software or restricting local access to the application to prevent attackers from creating or executing the malicious file.
  • Monitor the application logs for crash events and enforce strict controls on the creation and placement of license text files in the system.

Generated by OpenCVE AI on March 22, 2026 at 14:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Alloksoft
Alloksoft fast Avi Mpeg Joiner
Vendors & Products Alloksoft
Alloksoft fast Avi Mpeg Joiner

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked.
Title Fast AVI MPEG Joiner 1.2.0812 Buffer Overflow Denial of Service
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Alloksoft Fast Avi Mpeg Joiner
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T15:14:37.862Z

Reserved: 2026-03-22T13:13:52.738Z

Link: CVE-2019-25606

cve-icon Vulnrichment

Updated: 2026-03-24T14:01:14.175Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-22T14:16:28.433

Modified: 2026-03-23T14:31:37.267

Link: CVE-2019-25606

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:10Z

Weaknesses