CVE-2019-25554 — MEDIUM (5.5)

Vulnerability Description

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tomabo	Mp4 Converter	3.25.22

Related Weaknesses (CWE)

CWE-787

References

http://www.tomabo.com/Product
https://www.exploit-db.com/exploits/46848ExploitVDB Entry
https://www.vulncheck.com/advisories/tomabo-mp4-converter-denial-of-service-via-Third Party Advisory

FAQ

What is CVE-2019-25554?

CVE-2019-25554 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can tr...

How severe is CVE-2019-25554?

CVE-2019-25554 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-25554?

Check the references section above for vendor advisories and patch information. Affected products include: Tomabo Mp4 Converter.