CVE-2019-25595

jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.jetaudio.com/
http://www.jetaudio.com/download/
https://www.exploit-db.com/exploits/46810
https://www.vulncheck.com/advisories/jetaudio-basic-denial-of-service-via-url-handler

Configurations

No configuration.

History

16 Apr 2026, 16:19

Type	Values Removed	Values Added
Summary		(es) jetAudio 8.1.7.20702 Basic contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga a través del gestor de entrada de URL. Los atacantes pueden desencadenar el bloqueo al pegar un búfer de 5000 caracteres en el diálogo 'Abrir URL', lo que provoca que la aplicación termine de forma anómala.

22 Mar 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-22 14:16

Updated : 2026-06-17 02:32

NVD link : CVE-2019-25595

Mitre link : CVE-2019-25595

CVE.ORG link : CVE-2019-25595

JSON object : View

Products Affected

No product.

CWE

CWE-469

Use of Pointer Subtraction to Determine Size

{"id": "CVE-2019-25595", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2019-25595", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:14:03.343713Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "disclosure@vulncheck.com", "affectedData": [{"vendor": "Jetaudio", "product": "jetAudio", "versions": [{"status": "affected", "version": "8.1.7.20702"}]}]}], "published": "2026-03-22T14:16:26.407", "references": [{"url": "http://www.jetaudio.com/", "source": "disclosure@vulncheck.com"}, {"url": "http://www.jetaudio.com/download/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46810", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/jetaudio-basic-denial-of-service-via-url-handler", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-469"}]}], "descriptions": [{"lang": "en", "value": "jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally."}, {"lang": "es", "value": "jetAudio 8.1.7.20702 Basic contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una cadena excesivamente larga a trav\u00e9s del gestor de entrada de URL. Los atacantes pueden desencadenar el bloqueo al pegar un b\u00fafer de 5000 caracteres en el di\u00e1logo 'Abrir URL', lo que provoca que la aplicaci\u00f3n termine de forma an\u00f3mala."}], "lastModified": "2026-06-17T02:32:45.650", "sourceIdentifier": "disclosure@vulncheck.com"}