High severity7.5NVD Advisory· Published Feb 12, 2026· Updated Apr 15, 2026

CVE-2019-25330

Description

SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

web.archive.org/web/20190717003929/http://www.bimesoft.com/nvd
www.exploit-db.com/exploits/47795nvd
www.softpedia.com/get/Internet/Offline-Browsers/SurfOffline.shtmlnvd
www.vulncheck.com/advisories/surfoffline-professional-project-name-denial-of-senvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000