Description
River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's Activate dialog to trigger a denial of service condition.
Published: 2026-04-05
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

The vulnerability is a local buffer overflow in River Past Ringtone Converter 2.7.6.1601. An attacker can exploit this by pasting an excessively long string—300 bytes—into the Email textbox or Activation code textarea within the Activate dialog that is accessed via the Help menu. The overflow triggers a crash of the application, resulting in a denial of service.

Affected Systems

Affected systems are installations of River Past Ringtone Converter produced by Riverpast, specifically version 2.7.6.1601. No other versions or editions are explicitly mentioned. Users running this version on any supported operating system are vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS score is not provided, so the likelihood of exploitation is uncertain. The vulnerability does not appear in the CISA KEV catalog. Exploitation requires local access; the attacker must have the ability to run the application and interact with the Activate dialog. Because the vulnerability causes only a crash and not arbitrary code execution or credential compromise, the impact is limited to service availability, but it can disrupt workflow and potentially be leveraged in a larger attack chain if the application runs with elevated privileges.

Generated by OpenCVE AI on April 5, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest River Past Ringtone Converter update that addresses the buffer overflow.
  • Verify the update by checking the vendor release notes or security advisory.
  • If a patch is not yet available, limit the size of input in the Activation dialog or remove it until a fix is released.


Advisories

No advisories yet.

History

Mon, 27 Apr 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | River Past Ringtone Converter Project |
| | | River Past Ringtone Converter Project river Past Ringtone Converter |
| CPEs | | cpe:2.3:a:river_past_ringtone_converter_project:river_past_ringtone_converter:*:*:*:*:*:*:*:* |
| Vendors & Products | | River Past Ringtone Converter Project |
| | | River Past Ringtone Converter Project river Past Ringtone Converter |

Tue, 07 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Riverpast |
| | | Riverpast river Past Ringtone Converter |
| Vendors & Products | | Riverpast |
| | | Riverpast river Past Ringtone Converter |

Mon, 06 Apr 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Sun, 05 Apr 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's Activate dialog to trigger a denial of service condition. |
| Title | | River Past Ringtone Converter 2.7.6.1601 Buffer Overflow DoS |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |
| | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T15:21:01.322Z

Reserved: 2026-04-05T13:04:15.208Z

Link: CVE-2019-25665

Vulnrichment

Updated: 2026-04-06T15:20:57.377Z

NVD

Status: Analyzed

Published: 2026-04-05T21:16:43.747

Modified: 2026-04-27T13:34:54.430

Link: CVE-2019-25665

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:48:43Z
