{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25474", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-23T12:12:34.019Z", "datePublished": "2026-03-11T18:23:16.272Z", "dateUpdated": "2026-04-07T14:04:30.793Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:04:30.793Z"}, "title": "Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Easy MP3 Downloader Denial of Service", "versions": [{"status": "affected", "version": "4.7.8.8"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.</p>"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/47319", "name": "ExploitDB-47319", "tags": ["exploit"]}, {"url": "https://download.cnet.com/Easy-MP3-Downloader/3000-2141_4-10860695.html", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/easy-mp3-downloader-denial-of-service-buffer-overflow", "name": "VulnCheck Advisory: Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "Mohan Ravichandran & Snazzy Sanoj", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-08-30T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25474", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:46:56.637965Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:31:02.266Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25474", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:46:56.637965Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:22:50.972Z"}}], "cna": {"title": "Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mohan Ravichandran & Snazzy Sanoj"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Unknown", "product": "Easy MP3 Downloader Denial of Service", "versions": [{"status": "affected", "version": "4.7.8.8"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.exploit-db.com/exploits/47319", "name": "ExploitDB-47319", "tags": ["exploit"]}, {"url": "https://download.cnet.com/Easy-MP3-Downloader/3000-2141_4-10860695.html", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/easy-mp3-downloader-denial-of-service-buffer-overflow", "name": "VulnCheck Advisory: Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.", "supportingMedia": [{"type": "text/html", "value": "<p>Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-11T21:43:33.108Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25474", "state": "PUBLISHED", "dateUpdated": "2026-03-11T21:43:33.108Z", "dateReserved": "2026-02-23T12:12:34.019Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-11T18:23:16.272Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition."}, {"lang": "es", "value": "Easy MP3 Downloader 4.7.8.8 contiene una vulnerabilidad de desbordamiento de b\u00fafer que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar un c\u00f3digo de desbloqueo excesivamente largo. Los atacantes pueden generar un archivo que contenga 6000 caracteres 'A' y pegar el contenido en el campo C\u00f3digo de Desbloqueo durante el inicio de la aplicaci\u00f3n para desencadenar una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2019-25474", "lastModified": "2026-04-15T14:56:45.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-11T19:16:01.213", "references": [{"source": "disclosure@vulncheck.com", "url": "https://download.cnet.com/Easy-MP3-Downloader/3000-2141_4-10860695.html"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/47319"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/easy-mp3-downloader-denial-of-service-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[4.7.8.8,4.7.8.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Easy MP3 Downloader Denial of Service", "source": "cna", "vendor": "Unknown"}, "product": "easy_mp3_downloader", "vendor": "easy_mp3_downloader"}], "analysis": {"en": {"generated_at": "2026-03-20T15:26:48.224184+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website or software distributor for an updated version of Easy MP3 Downloader that addresses the buffer overflow.", "If a newer version is unavailable, consider uninstalling or disabling the application to prevent local attackers from exploiting the flaw.", "Restrict local user accounts from running the program and monitor for unexpected crashes that could indicate an attempted denial of service."], "summary": {"action": "Update Application", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Easy MP3 Downloader application version 4.7.8.8. No other vendors or products are listed as affected by the CNA. The issue is confined to this specific version of the program.", "description_and_impact": "Easy MP3 Downloader 4.7.8.8 contains a buffer overflow that allows a local attacker to crash the program by entering an overly long unlock code during startup. The overflow occurs when the application copies a user\u2011supplied 6000\u2011character string into a fixed\u2011size buffer, causing the program to terminate unexpectedly. The resulting denial of service denies legitimate users the ability to access the application.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers must have local access to launch the application and provide the malicious unlock code at startup, so the attack vector is local and requires user interaction or a compromised machine running the software. No commercial exploit is publicly documented beyond the reference to exploit\u2011db, indicating that the risk to unpatched systems remains lower than high\u2011severity remote attacks."}}}}, "created": "2026-03-12T09:57:11.628788+00:00", "updated": "2026-03-20T15:29:46.275367+00:00", "vendors": ["easy_mp3_downloader", "easy_mp3_downloader$PRODUCT$easy_mp3_downloader"]}