CVE-2019-25571 — MEDIUM (6.2)

Vulnerability Description

MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ventismedia	Mediamonkey	4.1.23.1881

Related Weaknesses (CWE)

CWE-226

References

https://www.exploit-db.com/exploits/46378ExploitThird Party AdvisoryVDB Entry
https://www.mediamonkey.com/Product
https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exeProduct
https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformedThird Party Advisory

FAQ

What is CVE-2019-25571?

CVE-2019-25571 is a vulnerability with a CVSS score of 6.2 (MEDIUM). MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. At...

How severe is CVE-2019-25571?

CVE-2019-25571 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-25571?

Check the references section above for vendor advisories and patch information. Affected products include: Ventismedia Mediamonkey.