Nixpkgs Security Tracker

Permalink CVE-2019-25328

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 month, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 1 week ago
@LeSuisse dismissed 1 month, 1 week ago

XnConvert 1.82 - Denial of Service

XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application crash.

References

ExploitDB-47801 exploit
Vendor Homepage product
Official Product Page product
VulnCheck Advisory: XnConvert 1.82 - Denial of Service third-party-advisory
Official Product Page product
VulnCheck Advisory: XnConvert 1.82 - Denial of Service third-party-advisory
ExploitDB-47801 exploit
Vendor Homepage product

Affected products

XnConvert

==1.82

Matching in nixpkgs

pkgs.xnconvert

Fast, powerful and free cross-platform batch image converter

nixos-unstable 1.105.0
- nixpkgs-unstable 1.105.0
- nixos-unstable-small 1.105.0
nixos-25.11 1.105.0
- nixos-25.11-small 1.105.0
- nixpkgs-25.11-darwin 1.105.0

Package maintainers

@aldenparker Alden Parker

Current stable branch was never impacted.

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.xnconvert

Package maintainers