CVE-2019-25616
Received Received - Intake
Buffer Overflow in AnMing MP3 CD Burner Causes DoS

Publication date: 2026-03-22

Last updated on: 2026-03-22

Assigner: VulnCheck

Description
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-22
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25616
EUVD
EUVD-2019-19973
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anming mp3_cd_burner 2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25616 is a local denial of service vulnerability in AnMing MP3 CD Burner version 2.0 caused by a buffer overflow.

The vulnerability occurs when a local attacker inputs an oversized stringβ€”specifically a 6000-byte payloadβ€”into the registration name field.

This oversized input triggers a buffer overflow that crashes the application, causing it to become unavailable.

Impact Analysis

This vulnerability can cause the AnMing MP3 CD Burner application to crash, resulting in a denial of service condition.

An attacker with local access can exploit this by supplying a specially crafted large input to the registration name field, making the application unusable until restarted.

There is no impact on confidentiality or integrity, but the availability of the application is severely affected.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing the AnMing MP3 CD Burner 2.0 application for buffer overflow conditions in the registration name field.'}, {'type': 'paragraph', 'content': 'A practical detection method involves attempting to input an oversized string payload (such as a 6000-byte string) into the registration name field and observing if the application crashes.'}, {'type': 'paragraph', 'content': "Specifically, you can create a text file containing 6000 'A' characters and paste its contents into the registration field to trigger the vulnerability."}, {'type': 'paragraph', 'content': 'Commands to generate such a payload file on a Windows system using PowerShell could be:'}, {'type': 'list_item', 'content': 'powershell -Command "\'A\' * 6000 | Out-File Evil.txt -Encoding ASCII"'}, {'type': 'paragraph', 'content': 'Then, open the AnMing MP3 CD Burner application, navigate to the registration dialog, and paste the contents of Evil.txt into the registration name field to check if the application crashes.'}] [2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the registration name field with oversized input strings to prevent triggering the buffer overflow.

Since the vulnerability requires local access and user interaction, restricting access to the application and limiting who can use the registration feature can reduce risk.

Additionally, monitor for application crashes and avoid pasting or entering unusually large strings in the registration fields.

If possible, update to a patched version of the software or contact the vendor for a fix addressing this buffer overflow vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25616. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart