CVE-2019-25595
Received - Intake
Denial of Service via URL Input Buffer Overflow in jetAudio

Publication date: 2026-03-22

Last updated on: 2026-03-22

Assigner: VulnCheck

Description
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.
Meta Information
Published: 2026-03-22
Last Modified: 2026-03-22
Generated: 2026-05-07
AI Q&A: 2026-03-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
jetaudio | jetaudio | 8.1.7.20702
CWE ID | Description
CWE-469 | The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2019-25595 is a denial of service vulnerability in jetAudio version 8.1.7.20702 Basic. It occurs when a local attacker supplies an excessively long string, specifically a buffer of 5000 characters, into the Open URL dialog's URL input handler.

This long input causes a buffer overflow due to improper input handling, leading the application to crash abnormally and terminate unexpectedly.

The vulnerability can be triggered by pasting the long string into the URL field after "http://" in the Open URL feature. [1, 2]


How can this vulnerability impact me?

This vulnerability can cause the jetAudio application to crash unexpectedly, resulting in a denial of service.

An attacker with local access can exploit this by supplying a long string to the URL input, causing the application to terminate abnormally and become unavailable.

While it does not impact confidentiality or integrity, the high impact on availability means users may experience interruptions or loss of service when using jetAudio.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the crash condition on the affected jetAudio version 8.1.7.20702 Basic application. Specifically, you can test the Open URL dialog by pasting an excessively long string (for example, 5000 characters) after "http://" in the URL input field.

A practical detection method involves creating a text file containing 5000 "A" characters, copying this string to the clipboard, and then pasting it into the Open URL dialog in jetAudio. Confirming this input should cause the application to crash if it is vulnerable.

There are no specific network commands to detect this vulnerability since it requires local access and interaction with the application GUI. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting local access to the affected jetAudio application to trusted users only, since the vulnerability requires local attacker interaction.

Avoid pasting or entering excessively long strings (such as 5000 characters) into the Open URL dialog of jetAudio version 8.1.7.20702 Basic.

Monitor for updates or patches from the vendor (http://www.jetaudio.com/) that address this denial of service vulnerability and apply them as soon as they become available.

