{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25595", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T12:56:28.796Z", "datePublished": "2026-03-22T13:38:32.618Z", "dateUpdated": "2026-03-23T16:14:12.191Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:32.618Z"}, "datePublic": "2019-05-07T00:00:00.000Z", "title": "jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler", "descriptions": [{"lang": "en", "value": "jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Pointer Subtraction to Determine Size", "cweId": "CWE-469", "type": "CWE"}]}], "affected": [{"vendor": "Jetaudio", "product": "jetAudio", "versions": [{"version": "8.1.7.20702", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.1.7.20702:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.2:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.1:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.8:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.7:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.6:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.5:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.4:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46810", "name": "ExploitDB-46810", "tags": ["exploit"]}, {"url": "http://www.jetaudio.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.jetaudio.com/download/", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/jetaudio-basic-denial-of-service-via-url-handler"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:14:03.343713Z", "id": "CVE-2019-25595", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:14:12.191Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Jetaudio", "product": "jetAudio", "versions": [{"status": "affected", "version": "8.1.7.20702"}]}], "datePublic": "2019-05-07T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46810", "name": "ExploitDB-46810", "tags": ["exploit"]}, {"url": "http://www.jetaudio.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.jetaudio.com/download/", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/jetaudio-basic-denial-of-service-via-url-handler", "name": "VulnCheck Advisory: jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-469", "description": "Use of Pointer Subtraction to Determine Size"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.1.7.20702:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.2:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.1:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.8:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.7:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.6:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.5:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:jetaudio:jetaudio:8.0.4:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:32.618Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25595", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:14:03.343713Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-23T16:14:08.919Z"}}]}, "cveMetadata": {"cveId": "CVE-2019-25595", "state": "PUBLISHED", "dateUpdated": "2026-03-22T13:38:32.618Z", "dateReserved": "2026-03-22T12:56:28.796Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:32.618Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally."}, {"lang": "es", "value": "jetAudio 8.1.7.20702 Basic contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una cadena excesivamente larga a trav\u00e9s del gestor de entrada de URL. Los atacantes pueden desencadenar el bloqueo al pegar un b\u00fafer de 5000 caracteres en el di\u00e1logo 'Abrir URL', lo que provoca que la aplicaci\u00f3n termine de forma an\u00f3mala."}], "id": "CVE-2019-25595", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:26.407", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.jetaudio.com/"}, {"source": "disclosure@vulncheck.com", "url": "http://www.jetaudio.com/download/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46810"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/jetaudio-basic-denial-of-service-via-url-handler"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-469"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.1.7.20702"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "jetAudio", "source": "cna", "vendor": "Jetaudio"}, "product": "jetaudio", "vendor": "jetaudio"}], "analysis": {"en": {"generated_at": "2026-03-22T14:43:33.697116+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest version of JetAudio that includes the fix.", "If an update is unavailable, avoid using the Open URL dialog or restrict the input length when possible.", "Check the vendor\u2019s website or advisories for an available patch or additional guidance."], "summary": {"action": "Apply Update", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "JetAudio products from Jetaudio, notably version 8.1.7.20702 and all earlier 8.0.x releases, are impacted. The flaw affects users who have the ability to enter URLs via the Open URL feature, regardless of operating system.", "description_and_impact": "This vulnerability allows a local attacker to crash the JetAudio application by supplying an excessively long string to its URL input handler. By entering a buffer of 5000 characters into the Open URL dialog, the application terminates abruptly, resulting in a loss of service for the user. The weakness is an uncontrolled memory allocation, evidencing CWE-469: Uncontrolled Memory Allocation.", "risk_and_exploitability": "The CVSS score of 6.9 indicates medium severity, and no EPSS score is available. This vulnerability is not listed in the CISA KEV catalog, suggesting limited exploitation to date. The attack vector is local; an attacker must have physical or remote access sufficient to run the application and paste the oversized string. Consequently, the risk is confined to local or compromised users using JetAudio."}}}}, "created": "2026-03-23T09:46:23.634379+00:00", "updated": "2026-03-25T14:46:21.668539+00:00", "vendors": ["jetaudio", "jetaudio$PRODUCT$jetaudio"]}