Description
River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation Code' field and click 'Activate' to trigger a denial of service condition.
Published: 2026-03-26
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

River Past Audio Converter 7.7.16 has a local buffer overflow in the activation code field. A user can enter an oversized input string containing repeated characters and trigger a crash by clicking the Activate button. The vulnerability does not allow remote code execution or data exfiltration; its effect is limited to disrupting the availability of the application.

Affected Systems

The affected product is River Past Audio Converter version 7.7.16 from the vendor River Past Audio Converter. No other affected versions are listed in the data.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity, and the lack of an EPSS value or KEV listing suggests a lower likelihood of widespread exploitation. The attack vector is local, requiring that an attacker has access to the user’s workstation or can run the application. Because the flaw only causes a denial of service, the impact is confined to service interruption rather than data compromise. Given the moderate score and local accessibility, the risk is considered moderate but should be mitigated promptly if the application is used in critical environments.

Generated by OpenCVE AI on March 26, 2026 at 15:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website for an updated version or a patch for River Past Audio Converter 7.7.16 and upgrade to a fixed release as soon as possible.
  • If an update is unavailable, limit the length of input accepted by the E‑Mail and Activation Code field to a safe maximum, or otherwise block excessively long strings before they reach the application.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Values added (none removed):
First Time appeared: Riverpast; Riverpast river Past Audio Converter
Vendors & Products: Riverpast; Riverpast river Past Audio Converter

Thu, 26 Mar 2026 19:15:00 +0000

Values added (none removed):
Metrics: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 13:45:00 +0000

Values added (none removed):
Description: River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation Code' field and click 'Activate' to trigger a denial of service condition.
Title: River Past Audio Converter 7.7.16 Local Buffer Overflow DoS
Weaknesses: CWE-787
References:
Metrics:
cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
cvssV4_0: {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T18:24:51.477Z

Reserved: 2026-03-26T13:19:29.330Z

Link: CVE-2019-25649

Vulnrichment

Updated: 2026-03-26T18:12:11.818Z

NVD

Status: Awaiting Analysis

Published: 2026-03-26T14:16:06.477

Modified: 2026-03-26T15:13:15.790

Link: CVE-2019-25649

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:26:49Z