Description
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of service condition.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply patch
AI Analysis

Impact

Lyric Maker 2.0.1.0 contains a buffer overflow in its Title input field. A local user can supply a string up to 5,000 bytes and save a lyric file, causing the application to crash. The crash results in a denial of service, disrupting use of the program, but it does not expose data or enable code execution.

Affected Systems

The vulnerable product is Lyric Maker by Jetaudio, version 2.0.1.0. No other products or versions are listed as affected, so the impact is limited to installations of this release.

Risk and Exploitability

The vulnerability has a CVSS score of 6.9, indicating moderate severity. Exploit probability information is not available, and the issue is not listed in CISA’s Known Exploited Vulnerabilities catalog. Because only a local attacker who can create or modify lyric files can trigger the overflow, the risk is confined to systems with the application installed and used by local users.

Generated by OpenCVE AI on March 21, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a newer version of Lyric Maker that includes a fix for the buffer overflow.
  • If no newer version is available, uninstall the application or prevent its use until a patch is released.
  • As a temporary measure, limit the Title field length to a safer size, or use file validation to reject overly long inputs.
  • Monitor the application for crashes and be ready to roll back to a safe configuration if issues arise.

Generated by OpenCVE AI on March 21, 2026 at 15:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:jetaudio:lyric_maker:2.0.1.0:*:*:*:*:*:*:*

Tue, 24 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jetaudio lyric Maker
Vendors & Products Jetaudio lyric Maker

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of service condition.
Title Lyric Maker 2.0.1.0 Denial of Service via Buffer Overflow
First Time appeared Jetaudio
Jetaudio jetaudio
Weaknesses CWE-787
CPEs cpe:2.3:a:jetaudio:jetaudio:2.0.1.0:*:*:*:*:*:*:*
Vendors & Products Jetaudio
Jetaudio jetaudio
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Jetaudio Jetaudio Lyric Maker
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T14:14:59.832Z

Reserved: 2026-03-21T12:31:35.719Z

Link: CVE-2019-25561

cve-icon Vulnrichment

Updated: 2026-03-24T14:14:55.859Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:19.140

Modified: 2026-04-16T18:09:10.390

Link: CVE-2019-25561

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:22Z

Weaknesses