EIP-2026-115269

PRE-CVE

foobar2000 1.3.9 - '.pls' / '.m3u' / '.m3u8' Local Crash (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115269. PoCs published by Antonio Z..

AI-analyzed exploit summary This PoC exploits a local crash vulnerability in foobar2000 1.3.9 by creating malformed .pls, .m3u, and .m3u8 playlist files with an overly long URL string (256 'A' characters). The vulnerability likely stems from improper handling of playlist file parsing, leading to a buffer overflow or similar memory corruption.

Description

foobar2000 1.3.9 - '.pls' / '.m3u' / '.m3u8' Local Crash (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Antonio Z. · pythondoswindows

https://www.exploit-db.com/exploits/38710

View Code ZIP pw:eip

This PoC exploits a local crash vulnerability in foobar2000 1.3.9 by creating malformed .pls, .m3u, and .m3u8 playlist files with an overly long URL string (256 'A' characters). The vulnerability likely stems from improper handling of playlist file parsing, leading to a buffer overflow or similar memory corruption.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: foobar2000 1.3.9

No auth needed

Prerequisites: Local access to the target system · Ability to write files to the filesystem

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026