Description
River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception handler override, and shellcode to trigger code execution when the application processes the input.
Published: 2026-04-05
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution
Action: Patch Immediately
AI Analysis

Impact

River Past Video Cleaner version 7.6.3 contains a structured exception handler (SEH) buffer overflow that allows a local user to execute arbitrary code by providing a specially crafted string in the Lame_enc.dll field. When the input contains 280 bytes of padding, an overwrite of the next SEH record, and shellcode, the application transfers control to the attacker's payload, resulting in full code execution. The underlying weakness is an uncontrolled buffer overflow (CWE-787).

Affected Systems

The only affected product is River Past Video Cleaner version 7.6.3; no other vendors or versions are listed by the CNA.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity for local attackers who can supply input to the application. EPSS data is unavailable and the vulnerability is not listed in CISA’s KEV database, suggesting that widespread exploitation is currently undocumented. The attack requires a local user to supply a malicious string to the Lame_enc.dll field; there is no known network-facing entry point, so the greatest risk lies with individuals who have direct local access to the machine.

Generated by OpenCVE AI on April 6, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official River Past Video Cleaner patch that resolves the SEH buffer overflow or upgrade to a fixed version.
  • If a patch is not yet available, limit use of the application to trusted users and block arbitrary input to the Lame_enc.dll field.
  • Run the application inside a sandbox or virtual machine to contain potential compromise.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 07:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | River Past; River Past river Past Video Cleaner
Vendors & Products | | River Past; River Past river Past Video Cleaner

Sun, 05 Apr 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception handler override, and shellcode to trigger code execution when the application processes the input.
Title | | River Past Video Cleaner 7.6.3 Buffer Overflow via SEH
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1 {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:11:34.811Z

Reserved: 2026-04-05T13:09:26.873Z

Link: CVE-2019-25670

Vulnrichment

Updated: 2026-04-06T18:11:30.468Z

NVD

Status: Awaiting Analysis

Published: 2026-04-05T21:16:44.610

Modified: 2026-04-07T13:20:35.010

Link: CVE-2019-25670

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:48:38Z

Weaknesses