Impact
The vulnerability allows attackers to cause the Lyric Video Creator 2.1 application to crash when it processes a specially crafted MP3 file. The flaw arises from an oversized buffer used during decoding of the media metadata. An attacker can create a malformed MP3 that triggers a denial‑of‑service when it is loaded through the Browse song feature, resulting in application termination and potential disruption of user workflow. The weakness aligns with CWE‑226, which involves an out‑of‑bounds write or buffer overflow that can lead to denial of service.
Affected Systems
This issue affects the Lyric Video Creator 2.1 product released by Lyricvideocreator. Only the 2.1 version is known to be vulnerable; newer releases are not listed as impacted. The product is typically installed on Windows desktop environments and used for editing lyric videos.
Risk and Exploitability
The vulnerability carries a CVSS score of 8.7, indicating a high severity. No EPSS score is available, and the flaw is not listed in CISA’s KEV catalog, suggesting it is not currently being widely exploited. The attack requires the victim to open a malformed MP3 file in the application, making it a local or user‑initiated exploit. Although the impact is disruptive, the attack vector does not permit remote code execution or privilege escalation. Nevertheless, any organization that relies on Lyric Video Creator 2.1 should treat this as a high‑risk issue until a patch is applied.