Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-25571

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-21 Mar, 2026 | 12:47
Updated At-23 Mar, 2026 | 16:24
Rejected At-
Credits

MediaMonkey 4.1.23 Denial of Service via Malformed URL

MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:21 Mar, 2026 | 12:47
Updated At:23 Mar, 2026 | 16:24
Rejected At:
▼CVE Numbering Authority (CNA)
MediaMonkey 4.1.23 Denial of Service via Malformed URL

MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.

Affected Products
Vendor
Mediamonkey
Product
MediaMonkey
Versions
Affected
  • 4.1.23.1881
Problem Types
TypeCWE IDDescription
CWECWE-226Sensitive Information in Resource Not Removed Before Reuse
Type: CWE
CWE ID: CWE-226
Description: Sensitive Information in Resource Not Removed Before Reuse
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Alejandra Sánchez
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/46378
exploit
https://www.mediamonkey.com/
product
https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exe
product
https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformed-url
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/46378
Resource:
exploit
Hyperlink: https://www.mediamonkey.com/
Resource:
product
Hyperlink: https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exe
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformed-url
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:21 Mar, 2026 | 13:16
Updated At:24 Mar, 2026 | 20:41

MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
ventismedia
ventismedia
>>mediamonkey>>4.1.23.1881
cpe:2.3:a:ventismedia:mediamonkey:4.1.23.1881:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-226Primarydisclosure@vulncheck.com
CWE ID: CWE-226
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.exploit-db.com/exploits/46378disclosure@vulncheck.com
Exploit
Third Party Advisory
VDB Entry
https://www.mediamonkey.com/disclosure@vulncheck.com
Product
https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exedisclosure@vulncheck.com
Product
https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformed-urldisclosure@vulncheck.com
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/46378
Source: disclosure@vulncheck.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.mediamonkey.com/
Source: disclosure@vulncheck.com
Resource:
Product
Hyperlink: https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exe
Source: disclosure@vulncheck.com
Resource:
Product
Hyperlink: https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformed-url
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2019-25553
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:46
Updated-10 Apr, 2026 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image

CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.

Action-Not Available
Vendor-ceweCewe-Photoworld
Product-photo_importerCEWE PHOTO IMPORTER
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2019-25645
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.10%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 11:27
Updated-24 Mar, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.

Action-Not Available
Vendor-Winavi
Product-WinAVI iPod/3GP/MP4/PSP Converter
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2019-25617
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.10%
||
7 Day CHG~0.00%
Published-22 Mar, 2026 | 13:38
Updated-16 Apr, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ease Audio Converter 5.30 Denial of Service via Audio Cutter

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash.

Action-Not Available
Vendor-Audiotool
Product-Ease Audio Converter
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2019-25563
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.74%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:47
Updated-24 Mar, 2026 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash.

Action-Not Available
Vendor-uvncUvnc
Product-pchelpwarev2PCHelpWareV2
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
Details not found