Description
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.
Published: 2026-03-24
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via local file exploitation
Action: Patch
AI Analysis

Impact

The vulnerability allows a local attacker to craft a malformed AVI file with an oversized buffer. When the file is loaded through the Convert to iPhone function, the application crashes, causing a denial of service. The weakness corresponds to a buffer overflow scenario (CWE-226).

Affected Systems

WinAVI – WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 is affected. Attackers must have local access and the ability to launch the application to exploit the flaw.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity. No exploit probability is available and the flaw is not listed in CISA’s KEV catalog. The flaw is exploitable only from the local machine; an attacker must supply a crafted AVI file to the application. Once executed, the crash interrupts the user’s workflow but does not grant code execution or remote access.

Generated by OpenCVE AI on March 24, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install any available update or newer version of WinAVI iPod/3GP/MP4/PSP Converter from the vendor. If no patch is available, avoid using the Convert to iPhone function with untrusted AVI files, limiting the conversion to files from trusted sources. If the conversion feature is not required, consider uninstalling or disabling the WinAVI converter. Monitor the application for unexpected crashes during use and report them to the vendor for further analysis.

Generated by OpenCVE AI on March 24, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Winavi
Winavi winavi Ipod/3gp/mp4/psp Converter
Vendors & Products Winavi
Winavi winavi Ipod/3gp/mp4/psp Converter

Tue, 24 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 11:45:00 +0000

Type Values Removed Values Added
Description WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.
Title WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service
Weaknesses CWE-226
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Winavi Winavi Ipod/3gp/mp4/psp Converter
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T13:00:53.933Z

Reserved: 2026-03-24T11:06:14.608Z

Link: CVE-2019-25645

cve-icon Vulnrichment

Updated: 2026-03-24T12:58:58.432Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T12:16:07.030

Modified: 2026-03-24T15:53:48.067

Link: CVE-2019-25645

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:39:26Z

Weaknesses