CVE-2019-25616
Buffer Overflow in AnMing MP3 CD Burner Causes DoS
Publication date: 2026-03-22
Last updated on: 2026-03-22
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anming | mp3_cd_burner | 2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25616 is a local denial of service vulnerability in AnMing MP3 CD Burner version 2.0 caused by a buffer overflow.
The vulnerability occurs when a local attacker inputs an oversized string (specifically a 6000-byte payload) into the registration name field.
This oversized input triggers a buffer overflow that crashes the application, causing it to become unavailable.
How can this vulnerability impact me?
This vulnerability can cause the AnMing MP3 CD Burner application to crash, resulting in a denial of service condition.
An attacker with local access can exploit this by supplying a specially crafted large input to the registration name field, making the application unusable until restarted.
There is no impact on confidentiality or integrity, but the availability of the application is severely affected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the AnMing MP3 CD Burner 2.0 application for buffer overflow conditions in the registration name field.
A practical detection method involves attempting to input an oversized string payload (such as a 6000-byte string) into the registration name field and observing if the application crashes.
Specifically, you can create a text file containing 6000 'A' characters and paste its contents into the registration field to trigger the vulnerability.
Commands to generate such a payload file on a Windows system using PowerShell could be:
- `powershell -Command "'A' * 6000 | Out-File Evil.txt -Encoding ASCII"`
Then, open the AnMing MP3 CD Burner application, navigate to the registration dialog, and paste the contents of Evil.txt into the registration name field to check if the application crashes. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the registration name field with oversized input strings to prevent triggering the buffer overflow.
Since the vulnerability requires local access and user interaction, restricting access to the application and limiting who can use the registration feature can reduce risk.
Additionally, monitor for application crashes and avoid pasting or entering unusually large strings in the registration fields.
If possible, update to a patched version of the software or contact the vendor for a fix addressing this buffer overflow vulnerability.