Description
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Update Application
AI Analysis

Impact

Easy MP3 Downloader 4.7.8.8 contains a buffer overflow that allows a local attacker to crash the program by entering an overly long unlock code during startup. The overflow occurs when the application copies a user-supplied 6000-character string into a fixed-size buffer, causing the program to terminate unexpectedly. The resulting denial of service prevents legitimate users from accessing the application.

Affected Systems

The vulnerability affects Easy MP3 Downloader version 4.7.8.8. The CNA lists no other vendors or products as affected. The issue is confined to this specific version of the program.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers must have local access to launch the application and provide the malicious unlock code at startup, so the attack vector is local and requires user interaction or a compromised machine running the software. No commercial exploit is publicly documented beyond the reference to exploit-db, so the risk to unpatched systems remains lower than that of high-severity remote attacks.

Generated by OpenCVE AI on March 20, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or software distributor for an updated version of Easy MP3 Downloader that addresses the buffer overflow.
  • If a newer version is unavailable, consider uninstalling or disabling the application to prevent local attackers from exploiting the flaw.
  • Restrict local user accounts from running the program and monitor for unexpected crashes that could indicate an attempted denial of service.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Easy Mp3 Downloader; Easy Mp3 Downloader easy Mp3 Downloader
Vendors & Products | | Easy Mp3 Downloader; Easy Mp3 Downloader easy Mp3 Downloader

Wed, 11 Mar 2026 22:30:00 +0000


Wed, 11 Mar 2026 22:00:00 +0000


Wed, 11 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.
Title | | Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:04:30.793Z

Reserved: 2026-02-23T12:12:34.019Z

Link: CVE-2019-25474

Vulnrichment

Updated: 2026-03-11T19:22:50.972Z

NVD

Status: Deferred

Published: 2026-03-11T19:16:01.213

Modified: 2026-04-15T14:56:45.970

Link: CVE-2019-25474

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:29:46Z

Weaknesses