Description
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Local)
Action: Update Software
AI Analysis

Impact

AnMing MP3 CD Burner 2.0 contains a buffer overflow in the registration name field that allows a local user to provide an oversized string and crash the program. The attacker supplies a 6000-byte payload causing the application to terminate, resulting in a denial of service for any user of the software. This weakness is classified as CWE-434, an unrestricted input to a resource handling function. The impact is limited to the local system where the software runs, but repeated crashes can prevent the use of the burner and reduce availability.

Affected Systems

The vulnerability affects the AnMing MP3 CD Burner 2.0 application distributed by Ddz1977. No specific patched version is listed, so all installations of version 2.0 remain vulnerable.

Risk and Exploitability

The CVSS score for this flaw is 6.9, indicating medium severity. Exploit probability data is not available and it is not listed in the CISA KEV catalog. The attack vector is local: the attacker must have access to the machine to supply the malicious input. Because the flaw results only in a program crash, no privileged escalation or data compromise is reported, but it can cause service disruption for the user.

Generated by OpenCVE AI on March 22, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest available update to AnMing MP3 CD Burner if a patch has been released.
  • If no patch is available, consider uninstalling the program or disabling the registration name entry to mitigate the risk.
  • Monitor application usage and system logs for repeated crashes that may indicate attempts to exploit this vulnerability.
  • Regularly check the vendor’s website or support forums for new advisories or unofficial fixes.

Generated by OpenCVE AI on March 22, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Ddz1977
Ddz1977 anming Mp3 Cd Burner
Vendors & Products Ddz1977
Ddz1977 anming Mp3 Cd Burner

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
Title AnMing MP3 CD Burner 2.0 Local Denial of Service
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ddz1977 Anming Mp3 Cd Burner
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:53:43.712Z

Reserved: 2026-03-22T13:30:21.618Z

Link: CVE-2019-25616

cve-icon Vulnrichment

Updated: 2026-03-23T15:53:37.288Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-22T14:16:30.307

Modified: 2026-03-23T14:31:37.267

Link: CVE-2019-25616

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:50:42Z

Weaknesses