Vulnerabilities ›

CVE-2019-25554

Medium

CWE-787 — Weakness Type

                    Published: Mar 21, 2026                      ·  Modified: Mar 24, 2026                      ·  Source: NVD                

CVSS v3

5.5

🔗 NVD Official

📄 Description (English)

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked.

🤖 AI Executive Summary

CVE-2019-25554 is a local denial of service vulnerability in Tomabo MP4 Converter 3.25.22 caused by a buffer overflow in the Name field when adding presets. The vulnerability requires local access and user interaction to trigger, resulting in application crashes rather than code execution. While the CVSS score is moderate (5.5), the lack of patch availability and exploit complexity limit immediate organizational risk in Saudi environments.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 25, 2026 08:01

🇸🇦 Saudi Arabia Impact Assessment

Impact is limited to organizations using Tomabo MP4 Converter 3.25.22 for media processing tasks. Most at-risk sectors include: Media & Broadcasting companies, Content Creation agencies, and Educational institutions using the software for video conversion. Government media departments and ARAMCO's internal media operations may have isolated instances. Banking and critical infrastructure sectors are unlikely to be affected as this is consumer/prosumer media software. The local-only attack vector significantly reduces risk in typical enterprise environments.

🏢 Affected Saudi Sectors

Media & Broadcasting Content Creation & Production Education & Training Government Media Operations Entertainment Industry

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service (application crash) T1203 - Exploitation for Client Execution (buffer overflow) T1189 - Drive-by Compromise (if delivered via malicious file)

⚖️ Saudi Risk Score (AI)

3.2

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE ACTIONS:

   - Inventory all systems running Tomabo MP4 Converter 3.25.22

   - Restrict local access to affected systems where possible

   - Disable or remove the application if not critical to operations



2. PATCHING GUIDANCE:

   - No official patch is available; contact Tomabo for security updates

   - Consider upgrading to the latest version if available

   - Monitor vendor security advisories for future patches



3. COMPENSATING CONTROLS:

   - Implement application whitelisting to prevent unauthorized execution

   - Use endpoint protection with behavioral analysis to detect buffer overflow attempts

   - Restrict user permissions to prevent installation of untrusted software

   - Monitor process crashes and application errors for anomalies



4. DETECTION RULES:

   - Alert on Tomabo MP4 Converter crashes with event ID 1000 (Application Error)

   - Monitor for repeated failed operations in Video/Audio Formats preset configuration

   - Track file system access patterns to the application directory

   - Log command-line arguments passed to the converter executable

🔧 خطوات المعالجة (العربية)

1. الإجراءات الفورية:

   - حصر جميع الأنظمة التي تعمل بـ Tomabo MP4 Converter 3.25.22

   - تقييد الوصول المحلي للأنظمة المتأثرة حيثما أمكن

   - تعطيل أو إزالة التطبيق إذا لم يكن حرجياً للعمليات



2. إرشادات التصحيح:

   - لا يوجد تصحيح رسمي متاح؛ تواصل مع Tomabo للحصول على تحديثات الأمان

   - فكر في الترقية إلى أحدث إصدار إن أمكن

   - راقب نشرات الأمان من المورد للحصول على تصحيحات مستقبلية



3. الضوابط البديلة:

   - تطبيق قائمة بيضاء للتطبيقات لمنع التنفيذ غير المصرح به

   - استخدام حماية نقطة النهاية مع التحليل السلوكي لكشف محاولات تجاوز المخزن المؤقت

   - تقييد أذونات المستخدم لمنع تثبيت البرامج غير الموثوقة

   - مراقبة أعطال العمليات والأخطاء في التطبيق للكشف عن الشذوذ



4. قواعد الكشف:

   - تنبيهات عند توقف Tomabo MP4 Converter مع معرف الحدث 1000 (خطأ التطبيق)

   - مراقبة العمليات الفاشلة المتكررة في تكوين الإعدادات المسبقة لصيغ الفيديو/الصوت

   - تتبع أنماط الوصول إلى نظام الملفات لدليل التطبيق

   - تسجيل معاملات سطر الأوامر التي يتم تمريرها إلى ملف التحويل القابل للتنفيذ

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies (software inventory and management) A.8.1.1 - User Endpoint Devices (application control and monitoring) A.8.1.3 - Mobile Device Management (if used on mobile systems)

🔵 SAMA CSF

ID.AM-2 - Asset Management (inventory of software assets) PR.IP-1 - Security Policy and Process (patch management procedures) DE.CM-1 - Detection Processes (monitoring for application failures)

🟡 ISO 27001:2022

A.12.2.1 - Change Management (software version control) A.12.6.1 - Management of Technical Vulnerabilities (vulnerability assessment) A.14.2.1 - Secure Development Policy (third-party software security)

🔗 References & Sources 3

🔗

http://www.tomabo.com/

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/46848

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/tomabo-mp4-converter-denial-of-service-via-name-field

disclosure@vulncheck.com

📊 CVSS Score

5.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score5.5

CWECWE-787

Exploit No

Patch ✗ No

Published 2026-03-21

Source Feed nvd

🇸🇦 Saudi Risk Score

3.2

/ 10.0 — Saudi Risk

Priority: LOW

🏷️ Tags

CWE-787

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2019-25554

Introduce Yourself

Sign In Required