CVE-2019-25328

HIGH

XnConvert 1.82 - Denial of Service via Registration Code Input Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25328. PoCs published by Gokkulraj.

AI-analyzed exploit summary This exploit generates a large file containing 9000 'A' characters to trigger a Denial of Service (DoS) in XnConvert 1.82 when pasted into the 'User Name and Registration Code' field. The crash occurs due to improper handling of the input buffer.

Description

XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application crash.

Exploits (1)

exploitdb WORKING POC
by Gokkulraj · pythondoswindows
https://www.exploit-db.com/exploits/47801

This exploit generates a large file containing 9000 'A' characters to trigger a Denial of Service (DoS) in XnConvert 1.82 when pasted into the 'User Name and Registration Code' field. The crash occurs due to improper handling of the input buffer.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: XnConvert v1.82
No auth needed
Prerequisites: XnConvert 1.82 installed on Windows · Ability to run Python script to generate payload · User interaction to paste payload into the application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47801
Various Sources product
https://www.xnview.com
Various Sources product
https://www.xnview.com/en/apps/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/xnconvert-denial-of-service

Scores

CVSS v3 7.5
EPSS 0.0031
EPSS Percentile 23.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-121
Status published
Products (1)
XnSoft/XnConvert 1.82
Published Feb 12, 2026
Tracked Since Feb 18, 2026