CVE-2019-25595
Denial of Service via URL Input Buffer Overflow in jetAudio

Publication date: 2026-03-22

Last updated on: 2026-03-22

Assigner: VulnCheck

Description
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.
Meta Information
Published: 2026-03-22
Last Modified: 2026-03-22
Generated: 2026-06-16
AI Q&A: 2026-03-22
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor | Product | Version / Range
jetaudio | jetaudio | 8.1.7.20702
CWE ID | Description
CWE-469 | The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.
Executive Summary

CVE-2019-25595 is a denial of service vulnerability in jetAudio version 8.1.7.20702 Basic. It occurs when a local attacker supplies an excessively long string, specifically a buffer of 5000 characters, into the Open URL dialog's URL input handler.

This long input causes a buffer overflow due to improper input handling, leading the application to crash abnormally and terminate unexpectedly.

The vulnerability can be triggered by pasting the long string into the URL field after "http://" in the Open URL feature. [1, 2]

Impact Analysis

This vulnerability can cause the jetAudio application to crash unexpectedly, resulting in a denial of service.

An attacker with local access can exploit this by supplying a long string to the URL input, causing the application to terminate abnormally and become unavailable.

While it does not impact confidentiality or integrity, the high impact on availability means users may experience interruptions or loss of service when using jetAudio.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash condition on the affected jetAudio version 8.1.7.20702 Basic application. Specifically, you can test the Open URL dialog by pasting an excessively long string (for example, 5000 characters) after "http://" in the URL input field.

A practical detection method involves creating a text file containing 5000 "A" characters, copying this string to the clipboard, and then pasting it into the Open URL dialog in jetAudio. Confirming this input should cause the application to crash if it is vulnerable.

There are no specific network commands to detect this vulnerability since it requires local access and interaction with the application GUI. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting local access to the affected jetAudio application to trusted users only, since the vulnerability requires local attacker interaction.

Avoid pasting or entering excessively long strings (such as 5000 characters) into the Open URL dialog of jetAudio version 8.1.7.20702 Basic.

Monitor for updates or patches from the vendor (http://www.jetaudio.com/) that address this denial of service vulnerability and apply them as soon as they become available.
