CVE-2019-25565 — MEDIUM (6.2)

Vulnerability Description

Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Serial Code field during registration, and trigger a denial of service condition that crashes the application.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Magiciso	Magic Iso Maker	5.5

Related Weaknesses (CWE)

CWE-787

References

http://www.magiciso.comBroken Link
http://www.magiciso.com/Setup_MagicISO.exeBroken Link
https://www.exploit-db.com/exploits/46656ExploitVDB Entry
https://www.vulncheck.com/advisories/magic-iso-maker-buffer-overflow-denial-of-sThird Party Advisory

FAQ

What is CVE-2019-25565?

CVE-2019-25565 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Atta...

How severe is CVE-2019-25565?

CVE-2019-25565 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-25565?

Check the references section above for vendor advisories and patch information. Affected products include: Magiciso Magic Iso Maker.