{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25617", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T13:30:33.644Z", "datePublished": "2026-03-22T13:38:49.049Z", "dateUpdated": "2026-03-23T19:03:59.133Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:49.049Z"}, "title": "Ease Audio Converter 5.30 Denial of Service via Audio Cutter", "descriptions": [{"lang": "en", "value": "Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Sensitive Information in Resource Not Removed Before Reuse", "cweId": "CWE-226", "type": "CWE"}]}], "affected": [{"vendor": "Audiotool", "product": "Ease Audio Converter", "versions": [{"version": "5.30", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46732", "name": "ExploitDB-46732", "tags": ["exploit"]}, {"url": "http://www.audiotool.net/download.htm", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.audiotool.net/download/audioconverter.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Ease Audio Converter 5.30 Denial of Service via Audio Cutter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ease-audio-converter-denial-of-service-via-audio-cutter"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-04-22T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T19:03:06.000736Z", "id": "CVE-2019-25617", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T19:03:59.133Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25617", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T19:03:06.000736Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T19:03:41.071Z"}}], "cna": {"title": "Ease Audio Converter 5.30 Denial of Service via Audio Cutter", "credits": [{"lang": "en", "type": "finder", "value": "Achilles"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Audiotool", "product": "Ease Audio Converter", "versions": [{"status": "affected", "version": "5.30"}]}], "datePublic": "2019-04-22T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46732", "name": "ExploitDB-46732", "tags": ["exploit"]}, {"url": "http://www.audiotool.net/download.htm", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.audiotool.net/download/audioconverter.exe", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ease-audio-converter-denial-of-service-via-audio-cutter", "name": "VulnCheck Advisory: Ease Audio Converter 5.30 Denial of Service via Audio Cutter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-226", "description": "Sensitive Information in Resource Not Removed Before Reuse"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:49.049Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25617", "state": "PUBLISHED", "dateUpdated": "2026-03-23T19:03:59.133Z", "dateReserved": "2026-03-22T13:30:33.644Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:49.049Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash."}, {"lang": "es", "value": "Ease Audio Converter 5.30 contiene una vulnerabilidad de denegaci\u00f3n de servicio en la funci\u00f3n Audio Cutter que permite a atacantes locales bloquear la aplicaci\u00f3n al procesar archivos MP4 malformados. Los atacantes pueden crear un archivo MP4 manipulado que contenga un b\u00fafer sobredimensionado y cargarlo a trav\u00e9s de la interfaz de Audio Cutter para provocar un bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2019-25617", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:30.507", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.audiotool.net/download.htm"}, {"source": "disclosure@vulncheck.com", "url": "http://www.audiotool.net/download/audioconverter.exe"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46732"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ease-audio-converter-denial-of-service-via-audio-cutter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-226"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.30"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Ease Audio Converter", "source": "cna", "vendor": "Audiotool"}, "product": "ease_audio_converter", "vendor": "audiotool"}], "analysis": {"en": {"generated_at": "2026-03-22T15:22:13.916176+00:00", "value": {"mitigation_remediation": ["Update to the latest version of Ease Audio Converter", "Avoid processing untrusted MP4 files with the Audio Cutter function", "If an update is unavailable, disable the Audio Cutter feature or isolate the application to prevent usage of the vulnerable component"], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The issue affects only the Ease Audio Converter product released by Audiotool, specifically version 5.30. No other versions or related products are mentioned in the available information.", "description_and_impact": "Ease Audio Converter 5.30 has a denial of service flaw in its Audio Cutter feature. A local attacker can craft a malformed MP4 file that contains an oversized buffer, causing the MP4 parser to overflow and crash the application. This vulnerability is identified as a buffer-based race condition classified under CWE-226. The exploit does not lead to code execution or data disclosure; it simply renders the application unavailable to legitimate users.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity, and the exploit requires local access to the machine where the application runs, meaning it is limited to the context of the user who launches the program. Because the EPSS score is not available and the flaw is not listed in the CISA KEV catalog, there is no evidence of widespread or active exploitation. The primary risk is a local denial of service that disrupts the availability of the application for its user, without affecting system confidentiality or integrity."}}}}, "created": "2026-03-23T09:46:04.422686+00:00", "updated": "2026-03-25T14:50:41.235592+00:00", "vendors": ["audiotool", "audiotool$PRODUCT$ease_audio_converter"]}