Primary

Context

WinAVI iPod/3GP/MP4/PSP Converter Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2. This vulnerability allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the 'Convert to iPhone' function, triggering an application crash.

Impact

Exploitation of this vulnerability leads to a crash of the WinAVI iPod/3GP/MP4/PSP Converter application, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, create a Python script that generates an AVI file named 'Evil.avi' with a buffer size of 6000 bytes. Open WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 on a Windows XP SP3 or Windows 7 x64 SP1 system. Click 'Convert to iPhone' and load the 'Evil.avi' file. The application will crash upon processing the file.

Added: Mar 24, 2026, 12:49 PM

Updated: Mar 24, 2026, 12:49 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.6

remediation

0.0

relevance

4.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.6

remediation

0.0

relevance

4.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WinAVI iPod/3GP/MP4/PSP Converter Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating