CVE-2019-25474
Received Received - Intake
Buffer Overflow in Easy MP3 Downloader 4.7.8.8 Causes DoS

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25474
EUVD
EUVD-2019-19750
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
easy_mp3_downloader easy_mp3_downloader 4.7.8.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "Easy MP3 Downloader version 4.7.8.8 contains a buffer overflow vulnerability in its Unlock Code feature. This vulnerability allows a local attacker to crash the application by providing an excessively long inputβ€”specifically, an unlock code consisting of 6000 'A' characters. When this large input is pasted into the Unlock Code field during application startup, it causes the application to become unstable and crash, resulting in a denial of service condition."}] [1]

Impact Analysis

This vulnerability can impact you by causing the Easy MP3 Downloader application to crash unexpectedly when an attacker supplies a very long unlock code. This leads to a denial of service (DoS) condition, where the application becomes unusable until restarted. Since the vulnerability requires local access to exploit, it primarily affects users who run the application on their systems and can be targeted by local attackers to disrupt normal usage.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the crash condition in the Easy MP3 Downloader application version 4.7.8.8. Specifically, you can create a file containing 6000 'A' characters and paste its contents into the Unlock Code field during application startup."}, {'type': 'paragraph', 'content': 'A practical detection method involves using the provided Python 2.7 script from the exploit to generate the test input file named "exploit.txt".'}, {'type': 'list_item', 'content': "Run the Python script to generate the file with 6000 'A's."}, {'type': 'list_item', 'content': 'Launch Easy MP3 Downloader and select the manual option for entering the Unlock Code.'}, {'type': 'list_item', 'content': 'Paste the contents of the generated file into the Unlock Code field.'}, {'type': 'paragraph', 'content': 'If the application crashes or becomes unstable, the vulnerability is present.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25474. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart