Primary

Context

XnConvert Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in XnConvert version 1.82. The issue arises in the registration code input field, where attackers can paste a 9000-byte buffer of repeated characters to crash the application.

Impact

Exploitation of this vulnerability leads to a crash of the XnConvert application.

Reproduction

To reproduce this vulnerability, download and install XnConvert version 1.82 on a Windows system. After installation, create a text file named 'EVIL.txt' containing 9000 bytes of repeated characters. Copy the contents of this file to the clipboard, then open XnConvert and paste the data into the 'User Name and Registration Code' field. Click 'OK', and after receiving a pop-up message about an invalid code, the application will crash.

Added: Feb 12, 2026, 11:28 PM

Updated: Feb 12, 2026, 11:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

2.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

2.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

XnConvert Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating