CVE-2019-25649
MEDIUMRiver Past Audio Converter 7.7.16 Local Buffer Overflow DoS
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2019-25649. PoCs published by Achilles.
AI-analyzed exploit summary This exploit demonstrates a local buffer overflow vulnerability in River Past Audio Converter 7.7.16, leading to a Denial of Service (DoS) when a maliciously crafted input is pasted into the 'E-Mail and Activation Code' field. The PoC generates a 3000-byte buffer of 'A' characters, which triggers the crash upon activation.
Description
River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation Code' field and click 'Activate' to trigger a denial of service condition.
Exploits (1)
This exploit demonstrates a local buffer overflow vulnerability in River Past Audio Converter 7.7.16, leading to a Denial of Service (DoS) when a maliciously crafted input is pasted into the 'E-Mail and Activation Code' field. The PoC generates a 3000-byte buffer of 'A' characters, which triggers the crash upon activation.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H