Description
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.
Published: 2026-03-21
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via buffer overflow
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the video converter component of jetAudio 8.1.7, where a buffer overflow can be triggered by providing an oversized 512-byte string in the File Naming field. When the user then clicks the Preview button, the application crashes, resulting in a denial of service that affects only the local instance of the program. The overflow is classified as CWE-787 (out-of-bounds write) and could be used by an attacker with local access to crash the application.

Affected Systems

The Convert Video component of Jetaudio's jetAudio product, specifically version 8.1.7, is impacted. No other jetAudio versions or products were identified as vulnerable in the data provided.

Risk and Exploitability

The CVSS 4.0 score of 6.8 places this issue in the medium severity range. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation yet. The attack vector is inferred to be local, as the oversized string must be entered into the application's File Naming field and the Preview button clicked. An attacker with local access could readily cause the crash; remote exploitation would require an additional vulnerability or a privileged action to deliver the input.

Generated by OpenCVE AI on March 21, 2026 at 14:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest JetAudio release that addresses the buffer overflow.
  • If an update is not yet available, avoid using the Preview feature with untrusted files until a patch is released.
  • Contact JetAudio support to confirm the availability of a fix and obtain guidance on interim safeguards.
  • As an additional precaution, restrict local users from accessing the video converter component or block the application from running until a patch is applied.



Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Values added, by type (no removed values listed):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Values added, by type (no removed values listed):

  • First Time appeared: Jetaudio convert Video Jetaudio
  • Vendors & Products: Jetaudio convert Video Jetaudio

Sat, 21 Mar 2026 13:00:00 +0000

Values added, by type (no removed values listed):

  • Description: jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.
  • Title: jetAudio 8.1.7 Denial of Service via File Naming Buffer Overflow
  • First Time appeared: Jetaudio; Jetaudio jetaudio
  • Weaknesses: CWE-787
  • CPEs: cpe:2.3:a:jetaudio:jetaudio:8.1.7:*:*:*:*:*:*:*
  • Vendors & Products: Jetaudio; Jetaudio jetaudio
  • References
  • Metrics: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
  • Metrics: cvssV4_0 {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:37:25.882Z

Reserved: 2026-03-21T12:31:42.696Z

Link: CVE-2019-25562

Vulnrichment

Updated: 2026-03-23T16:37:20.387Z

NVD

Status: Analyzed

Published: 2026-03-21T13:16:19.323

Modified: 2026-03-24T20:48:22.983

Link: CVE-2019-25562

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:47:21Z

Weaknesses