Description
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.
Published: 2026-04-12
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local buffer overflow leading to arbitrary code execution
Action: Patch Now
AI Analysis

Impact

Easy Video to iPod Converter 1.6.20 contains a local buffer overflow in the user registration field. A crafted username input exceeding 996 bytes overwrites the structured exception handler, allowing an attacker who can provide the input locally to execute arbitrary code with the privileges of the user running the application. The vulnerability is a classic buffer overflow (CWE‑787).

Affected Systems

The flaw affects the Divxtodvd Easy Video to iPod Converter version 1.6.20. Users running this specific build on any system where the application is installed are at risk; the vulnerability is not tied to a particular operating system but requires the ability to launch the program and supply a username string.

Risk and Exploitability

The CVSS score of 8.6 marks this flaw as high severity, and it is not listed in the CISA KEV catalog. No EPSS score is available, but the vulnerability is exploitable by any local user who can launch the application and provide a crafted input. Since it requires local interaction, the scope is limited to local machines, yet the attack could lead to arbitrary code execution with the victim’s privileges, making it a significant risk for any environment where untrusted users can run the application.

Generated by OpenCVE AI on April 12, 2026 at 13:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website for a patch or newer version of Easy Video to iPod Converter and install it immediately.
  • If no patch is available, uninstall or disable the vulnerable application to prevent local exploitation.
  • Restrict local access controls so that only trusted users can run or interact with the application, limiting the potential for malicious input.

Generated by OpenCVE AI on April 12, 2026 at 13:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 12 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.
Title Easy Video to iPod Converter 1.6.20 Local Buffer Overflow SEH
First Time appeared Ether Software
Ether Software easy Video To Ipod Converter
Weaknesses CWE-787
CPEs cpe:2.3:a:ether_software:easy_video_to_ipod_converter:1.6.20:*:*:*:*:*:*:*
Vendors & Products Ether Software
Ether Software easy Video To Ipod Converter
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ether Software Easy Video To Ipod Converter
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-15T15:22:49.255Z

Reserved: 2026-04-05T15:37:25.824Z

Link: CVE-2019-25701

cve-icon Vulnrichment

Updated: 2026-04-15T15:22:36.099Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-12T13:16:32.940

Modified: 2026-04-17T17:01:23.500

Link: CVE-2019-25701

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:55:54Z

Weaknesses