CVE-2019-19489

MEDIUM

SMPlayer 19.5.0 - Buffer Overflow via Long .m3u File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-19489. PoCs published by Malav Vyas.

AI-analyzed exploit summary This Python script generates a malicious .m3u playlist file with 25,000 'A' characters to trigger a buffer overflow in SMPlayer 19.5.0, resulting in a Denial of Service (DoS) when opened twice.

Description

SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.

Exploits (1)

exploitdb WORKING POC

by Malav Vyas · pythondoswindows

https://www.exploit-db.com/exploits/47709

View Code ZIP pw:eip

This Python script generates a malicious .m3u playlist file with 25,000 'A' characters to trigger a buffer overflow in SMPlayer 19.5.0, resulting in a Denial of Service (DoS) when opened twice.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: SMPlayer v19.5.0

No auth needed

Prerequisites: SMPlayer 19.5.0 installed on Windows 7 (64-bit) · Ability to execute Python script to generate malicious .m3u file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/47709

Scores

CVSS v3 5.5

EPSS 0.0087

EPSS Percentile 54.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-120

Status published

Products (1)

smplayer/smplayer 19.5.0

Published Dec 02, 2019

Tracked Since Feb 18, 2026