CVE-2019-25571
Received Received - Intake
Buffer Overflow in MediaMonkey 4.1.23 Causes Denial of Service

Publication date: 2026-03-21

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25571
EUVD
EUVD-2019-19890
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ventismedia mediamonkey 4.1.23.1881
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-226 The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25571 is a denial of service (DoS) vulnerability in MediaMonkey version 4.1.23. It occurs when a local attacker opens a specially crafted MP3 file that contains an excessively long URL string. This URL string includes a buffer of about 4000 bytes appended to a URL, which causes the application to crash when opened through the File > Open URL dialog.

The vulnerability is triggered by a buffer overflow caused by the long URL embedded in the MP3 file, leading to application instability or crash.

Impact Analysis

This vulnerability can impact you by causing MediaMonkey to crash unexpectedly when opening a maliciously crafted MP3 file with a long URL string. This results in a denial of service, making the application unavailable or unstable.

Since the attack requires local access and no special privileges or user interaction, an attacker with local access can disrupt your use of MediaMonkey, potentially interrupting your media management tasks.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to open a specially crafted MP3 file containing an excessively long URL string in MediaMonkey 4.1.23. A proof-of-concept exploit involves a file named "PoC.mp3" which contains a URL followed by a buffer of 4000 \'A\' characters. Opening this file via the File > Open URL or File... dialog causes the application to crash, indicating the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'A practical detection method is to use the provided Python script or similar code to generate such a malicious MP3 file and then open it in the vulnerable MediaMonkey version to observe if the application crashes.'}, {'type': 'paragraph', 'content': 'Example command snippet in Python to create the test file:'}, {'type': 'list_item', 'content': 'python -c "open(\'PoC.mp3\', \'wb\').write(b\'http://127.0.0.1/\' + b\'A\' * 4000 + b\'.mp3\')"'}, {'type': 'paragraph', 'content': 'Then open the generated PoC.mp3 file in MediaMonkey via File > Open URL or File... dialog to check if the application crashes, which confirms the vulnerability.'}] [1, 4]

Mitigation Strategies

To mitigate this vulnerability immediately, avoid opening MP3 files from untrusted sources, especially those that might contain embedded URLs.

Do not use the File > Open URL dialog to open MP3 files unless you are certain of their safety.

If possible, update MediaMonkey to a version later than 4.1.23 where this vulnerability is fixed or apply any available patches.

Restrict local user access to MediaMonkey or limit the ability to open files via the vulnerable dialog until a fix is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25571. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart