CVE-2019-19513

CRITICAL

BASSMIDI plugin 2.4.12.1 - Code Injection

Title source: llm

Description

The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

http://www.un4seen.com/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/staufnic/CVE/tree/master/CVE-2019-19513

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0198

EPSS Percentile 83.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

un4seen/bassmidi < 2.4.12.1

Published Oct 16, 2020

Tracked Since Feb 18, 2026