CVE-2019-25560
Denial of Service via Malformed MP3 in Lyric Video Creator
Publication date: 2026-03-21
Last updated on: 2026-04-16
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lyricvideocreator | lyric_video_creator | 2.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-226 | The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25560 is a high-severity denial of service (DoS) vulnerability in Lyric Video Creator version 2.1 and earlier. The vulnerability occurs because the application improperly handles MP3 files that contain an oversized buffer. An attacker can create a specially crafted MP3 file with this oversized buffer and cause the application to crash by opening the file through the "Browse song" functionality.
This issue is related to a buffer overflow condition where the application processes malformed MP3 files, leading to a crash and denial of service. [1, 3]
How can this vulnerability impact me?
This vulnerability can cause the Lyric Video Creator application to crash, resulting in a denial of service. An attacker can remotely exploit this flaw without any authentication or user interaction by providing a crafted MP3 file.
The impact is primarily on the availability of the application, meaning legitimate users may be unable to use the software while it is crashed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if the Lyric Video Creator version 2.1 or earlier is processing malformed MP3 files that contain an oversized buffer, which causes the application to crash.
One practical detection method is to test the application by loading a crafted MP3 file with an excessively large buffer (for example, a file containing thousands of repeated characters) through the 'Browse song' functionality and observe if the application crashes.
A proof-of-concept exploit uses a Python script to create such a malformed MP3 file. Running this script and then opening the generated file in the application can confirm the presence of the vulnerability.
- Use a Python script to generate a malformed MP3 file with an oversized buffer (e.g., 5000 'A' characters).
- Open the crafted MP3 file in Lyric Video Creator via the 'Browse song' button.
- If the application crashes or becomes unresponsive, the vulnerability is present.
[1, 3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid opening or processing untrusted or suspicious MP3 files in Lyric Video Creator version 2.1 or earlier.
Since the vulnerability is triggered by malformed MP3 files with oversized buffers, restricting or filtering MP3 files from untrusted sources can reduce the risk.
Additionally, consider updating to a newer version of the software if available, or applying any patches provided by the vendor to fix this issue.
If no update or patch is available, consider using alternative software that does not have this vulnerability.
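One way to implement the filtering step above, as an added example that is not code from this page or from the vendor: a structural pre-check that only accepts input beginning (after an optional ID3v2 tag) with several consecutive valid MPEG Layer III frames, which a file made only of repeated filler characters cannot satisfy. The function names and the three-frame threshold are assumptions, and since the page does not describe the root cause, passing this check does not show a file is safe for the application.

```python
# Added example: structural pre-filter for MP3 input (MPEG audio Layer III only).
LOW_RATES = [0, 8, 16, 24, 32, 40, 48, 56, 64, 80, 96, 112, 128, 144, 160]
BITRATES = {  # kbps by bitrate index, keyed by the header's 2-bit version field
    3: [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320],  # MPEG-1
    2: LOW_RATES,  # MPEG-2
    0: LOW_RATES,  # MPEG-2.5
}
SAMPLE_RATES = {3: [44100, 48000, 32000], 2: [22050, 24000, 16000], 0: [11025, 12000, 8000]}
# Constructed sample: one silent MPEG-1 Layer III frame header (128 kbps, 44.1 kHz) plus padding.
CONSTRUCTED_FRAME = b"\xff\xfb\x90\x00" + bytes(413)

def id3v2_size(data):
    """Return the total byte length of a leading ID3v2 tag, or 0 if there is none."""
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    if any(b & 0x80 for b in data[6:10]):  # size bytes must be synchsafe (7 bits each)
        return 0
    size = (data[6] << 21) | (data[7] << 14) | (data[8] << 7) | data[9]
    return 10 + size + (10 if data[5] & 0x10 else 0)  # header + body + optional footer

def frame_length(header):
    """Return the Layer III frame length in bytes for a 4-byte header, or 0 if invalid."""
    if len(header) < 4 or header[0] != 0xFF or (header[1] & 0xE0) != 0xE0:
        return 0  # no 11-bit frame sync
    version, layer = (header[1] >> 3) & 3, (header[1] >> 1) & 3
    br_idx, sr_idx, pad = header[2] >> 4, (header[2] >> 2) & 3, (header[2] >> 1) & 1
    if version == 1 or layer != 1 or br_idx in (0, 15) or sr_idx == 3:
        return 0  # reserved version, not Layer III, free/bad bitrate, reserved rate
    coeff = 144 if version == 3 else 72
    return coeff * BITRATES[version][br_idx] * 1000 // SAMPLE_RATES[version][sr_idx] + pad

def looks_like_mp3(data, min_frames=3, scan_window=4096):
    """True if min_frames back-to-back valid frames start within scan_window of the audio offset."""
    start = id3v2_size(data)
    for offset in range(start, min(start + scan_window, len(data) - 3)):
        pos, frames = offset, 0
        while frames < min_frames:
            length = frame_length(data[pos:pos + 4])
            if length == 0 or pos + length > len(data):
                break
            pos, frames = pos + length, frames + 1
        if frames == min_frames:
            return True
    return False

if __name__ == "__main__":
    print("three constructed frames:", looks_like_mp3(CONSTRUCTED_FRAME * 3))
    print("5000 filler bytes:", looks_like_mp3(b"A" * 5000))  # constructed non-MP3 input
```

Run the check on files from untrusted sources before they are opened with "Browse song", and quarantine anything it rejects.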