CVE-2019-25665

MEDIUM

River Past Ringtone Converter 2.7.6.1601 Buffer Overflow DoS

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25665. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary This Python script generates a malicious input file containing 300 'A' characters, which triggers a local buffer overflow in River Past Ringtone Converter v2.7.6.1601 when pasted into the 'Email' and 'Activation code' fields, causing a denial of service (DoS).

Description

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's Activate dialog to trigger a denial of service condition.

Exploits (1)

exploitdb WORKING POC
by Rafael Pedrero · pythondoswindows
https://www.exploit-db.com/exploits/46312

This Python script generates a malicious input file containing 300 'A' characters, which triggers a local buffer overflow in River Past Ringtone Converter v2.7.6.1601 when pasted into the 'Email' and 'Activation code' fields, causing a denial of service (DoS).

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: River Past Ringtone Converter v2.7.6.1601
No auth needed
Prerequisites: River Past Ringtone Converter v2.7.6.1601 installed on Windows XP SP3 · User interaction to paste the payload into the activation fields
devstral-2 · analyzed Apr 07, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit
ExploitDB-46312
https://www.exploit-db.com/exploits/46312
Product product
Official Product Homepage
http://www.riverpast.com/
Third Party Advisory third-party-advisory
VulnCheck Advisory: River Past Ringtone Converter 2.7.6.1601 Buffer Overflow DoS
https://www.vulncheck.com/advisories/river-past-ringtone-converter-buffer-overflow-dos

Scores

CVSS v3 6.2
EPSS 0.0019
EPSS Percentile 8.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (2)
river_past_ringtone_converter_project/river_past_ringtone_converter < 2.7.6.1601
Riverpast/River Past Ringtone Converter 2.7.6.1601
Published Apr 05, 2026
Tracked Since Apr 06, 2026