Impact
A buffer overflow exists in the registration dialog of WinMPG Video Convert version 9.3.5 and earlier. When a local attacker supplies an oversized input of about 6000 bytes to the Name and Registration Code fields, the application crashes, leading to a denial of service. This vulnerability falls under CWE-787 – Buffer Dependent Memory Leak/Overrun and does not provide any remote code execution or privilege escalation. It simply stops the application from functioning until it is restarted.
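The defect class described above, as an added example that is not WinMPG's code: an unchecked copy of dialog text into fixed-size buffers beside a length-validated version that rejects oversized input. The struct, function names and field capacities are assumptions, since the advisory does not state the real buffer sizes.

```c
#include <stdio.h>
#include <string.h>
/* Assumed capacities: the advisory does not state the real buffer sizes. */
#define NAME_MAX_LEN 64
#define CODE_MAX_LEN 32

struct registration {
    char name[NAME_MAX_LEN + 1];
    char code[CODE_MAX_LEN + 1];
};

/* Unsafe pattern (hypothetical): strcpy ignores the destination size, so a
 * 6000-byte field writes far past a fixed buffer and corrupts memory. */
void store_unchecked(struct registration *r, const char *name, const char *code)
{
    strcpy(r->name, name);
    strcpy(r->code, code);
}

/* Bounded copy: 0 on success, -1 if src (with its NUL) does not fit in dst.
 * Over-long input is rejected, not truncated: a cut-off code is a wrong code. */
static int copy_field(char *dst, size_t dst_size, const char *src)
{
    /* memchr scans at most dst_size bytes and stops at the first NUL. */
    const char *end = (dst && src && dst_size) ? memchr(src, '\0', dst_size) : NULL;
    if (end == NULL)
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hardened pattern: validate both fields first, commit only if both fit. */
int store_checked(struct registration *r, const char *name, const char *code)
{
    struct registration tmp = {{0}, {0}};
    if (r == NULL || copy_field(tmp.name, sizeof tmp.name, name) != 0 ||
        copy_field(tmp.code, sizeof tmp.code, code) != 0)
        return -1;
    *r = tmp;
    return 0;
}

int main(void)
{
    static char big[6001];               /* constructed oversized input */
    struct registration r;
    memset(big, 'A', sizeof big - 1);
    printf("normal: %d\n", store_checked(&r, "Alice", "ABCD-1234"));
    printf("oversized: %d\n", store_checked(&r, big, big));
}
```

Rejecting the input at the dialog boundary turns the crash into an ordinary validation error, and the previously stored registration is left untouched.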
Affected Systems
The issue affects WinMPG Video Convert 9.3.5 and all earlier releases shipped by Winmpg. No remote systems are involved; any local user who can launch or interact with the registration dialog can potentially trigger the crash on the affected machine. The vulnerability is confined to the Windows desktop environment where the application runs.
Risk and Exploitability
With a CVSS base score of 6.9, the vulnerability is considered moderate severity. The EPSS score is not available, but because exploitation requires local user interaction, its likelihood depends on whether an attacker can supply the oversized input on a user’s machine. It is not listed in the CISA KEV catalog, and no known public exploit code currently exists. Nonetheless, the exploitation path is simple: a local attacker can paste a crafted string into the dialog to crash the software, so it should be treated as a high priority for patching in environments that rely on uninterrupted video conversion.