Description
MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and Paste Registration Code' field to trigger a denial of service condition.
Published: 2026-03-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

MyVideoConverter Pro 3.14 contains a local buffer overflow that can be triggered by submitting a 10,000‑byte string to the Copy and Paste Registration Code field, causing the program to crash. The overflow does not grant code execution or elevate privileges; it simply brings the application down, denying service to legitimate users. The weakness corresponds to CWE‑787, Buffer Overflow.

Affected Systems

The vulnerability affects Ivideogo’s MyVideoConverter Pro, specifically version 3.14. No other versions or products are listed as affected.

Risk and Exploitability

The vulnerability has a CVSS score of 6.9, indicating moderate severity. The EPSS score is not disclosed, and the issue is not listed in the CISA KEV catalog, suggesting limited evidence of exploitation. The attack vector is local; an attacker with access to the target machine can invoke the crash by entering the crafted string into the registration field. While it does not compromise confidentiality or integrity, it can disrupt availability for users of the application.

Generated by OpenCVE AI on March 26, 2026 at 15:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Ivideogo’s website for an updated version and apply the patch if available.
  • If no patch exists, consider uninstalling or disabling MyVideoConverter Pro to prevent the denial of service.

Generated by OpenCVE AI on March 26, 2026 at 15:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Ivideogo
Ivideogo myvideoconverter Pro
Vendors & Products Ivideogo
Ivideogo myvideoconverter Pro

Thu, 26 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and Paste Registration Code' field to trigger a denial of service condition.
Title MyVideoConverter Pro 3.14 Denial of Service Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ivideogo Myvideoconverter Pro
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T18:52:29.783Z

Reserved: 2026-03-26T13:19:10.759Z

Link: CVE-2019-25648

cve-icon Vulnrichment

Updated: 2026-03-26T18:52:26.565Z

cve-icon NVD

Status : Deferred

Published: 2026-03-26T14:16:06.273

Modified: 2026-05-01T15:23:27.150

Link: CVE-2019-25648

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:26:50Z

Weaknesses