CVE-2019-25571

Name of the Vulnerable Software and Affected Versions MediaMonkey version 4.1.23

Description The software is susceptible to a denial of service condition. Local attackers can cause the application to crash by opening a crafted MP3 file. This file contains an excessively long URL string. Specifically, a malicious MP3 file can be created with a buffer of 4000 bytes appended to a URL. When opened via the File > Open URL dialog, the application crashes. The vulnerable function is related to processing URLs within MP3 files.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid opening MP3 files from untrusted sources.