Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field

Advisories

Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field

severity: medium
date: 3/21/2026
Affecting: MP4 Converter <= 3.25.22
CVE: CVE-2019-25554
CWE: CWE-787 Out-of-bounds Write
CVSS: 6.8
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-46848
Official Product Homepage
Credit: Alejandra Sánchez
Description: Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo