CVE-2019-25350

XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/47679
https://www.vulncheck.com/advisories/xmedia-recode-mu-denial-of-service
https://www.xmedia-recode.de/
https://www.xmedia-recode.de/download.php

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) XMedia Recode 3.4.8.6 contiene una vulnerabilidad de denegación de servicio que permite a los atacantes bloquear la aplicación al cargar un archivo de lista de reproducción .m3u especialmente diseñado. Los atacantes pueden crear un archivo .m3u malicioso con un búfer sobredimensionado para desencadenar un bloqueo de la aplicación cuando se abre el archivo.

18 Feb 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 22:16

Updated : 2026-04-15 00:35

NVD link : CVE-2019-25350

Mitre link : CVE-2019-25350

CVE.ORG link : CVE-2019-25350

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2019-25350", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-18T22:16:19.757", "references": [{"url": "https://www.exploit-db.com/exploits/47679", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/xmedia-recode-mu-denial-of-service", "source": "disclosure@vulncheck.com"}, {"url": "https://www.xmedia-recode.de/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.xmedia-recode.de/download.php", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened."}, {"lang": "es", "value": "XMedia Recode 3.4.8.6 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a los atacantes bloquear la aplicaci\u00f3n al cargar un archivo de lista de reproducci\u00f3n .m3u especialmente dise\u00f1ado. Los atacantes pueden crear un archivo .m3u malicioso con un b\u00fafer sobredimensionado para desencadenar un bloqueo de la aplicaci\u00f3n cuando se abre el archivo."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}