CVE-2019-25562

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.jetaudio.com/	Product
https://www.exploit-db.com/exploits/46818	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/jetaudio-denial-of-service-via-file-naming-buffer-overflow	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jetaudio:jetaudio:8.1.7:*:*:*:*:*:*:*

History

24 Mar 2026, 20:48

Type	Values Removed	Values Added
Summary		(es) jetAudio 8.1.7 contiene una vulnerabilidad de desbordamiento de búfer en el componente de conversión de video que permite a atacantes locales bloquear la aplicación al proporcionar una cadena de caracteres sobredimensionada en el campo File Naming. Los atacantes pueden pegar un búfer malicioso de 512 bytes en el parámetro File Naming y desencadenar el bloqueo al hacer clic en el botón Preview, causando una denegación de servicio.
CPE		cpe:2.3:a:jetaudio:jetaudio:8.1.7:::::::*
First Time		Jetaudio jetaudio Jetaudio
References	~~() http://www.jetaudio.com/ -~~	() http://www.jetaudio.com/ - Product
References	~~() https://www.exploit-db.com/exploits/46818 -~~	() https://www.exploit-db.com/exploits/46818 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/jetaudio-denial-of-service-via-file-naming-buffer-overflow -~~	() https://www.vulncheck.com/advisories/jetaudio-denial-of-service-via-file-naming-buffer-overflow - Third Party Advisory

21 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-21 13:16

Updated : 2026-03-24 20:48

NVD link : CVE-2019-25562

Mitre link : CVE-2019-25562

CVE.ORG link : CVE-2019-25562

JSON object : View

Products Affected

jetaudio

jetaudio

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-25562", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-21T13:16:19.323", "references": [{"url": "http://www.jetaudio.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46818", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/jetaudio-denial-of-service-via-file-naming-buffer-overflow", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service."}, {"lang": "es", "value": "jetAudio 8.1.7 contiene una vulnerabilidad de desbordamiento de b\u00fafer en el componente de conversi\u00f3n de video que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una cadena de caracteres sobredimensionada en el campo File Naming. Los atacantes pueden pegar un b\u00fafer malicioso de 512 bytes en el par\u00e1metro File Naming y desencadenar el bloqueo al hacer clic en el bot\u00f3n Preview, causando una denegaci\u00f3n de servicio."}], "lastModified": "2026-03-24T20:48:22.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92B58A39-C461-4E62-B40A-2C6404D33F18"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}