{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25571", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-21T12:38:23.575Z", "datePublished": "2026-03-21T12:47:10.769Z", "dateUpdated": "2026-03-23T16:24:02.799Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:47:10.769Z"}, "title": "MediaMonkey 4.1.23 Denial of Service via Malformed URL", "descriptions": [{"lang": "en", "value": "MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Sensitive Information in Resource Not Removed Before Reuse", "cweId": "CWE-226", "type": "CWE"}]}], "affected": [{"vendor": "Mediamonkey", "product": "MediaMonkey", "versions": [{"version": "4.1.23.1881", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46378", "name": "ExploitDB-46378", "tags": ["exploit"]}, {"url": "https://www.mediamonkey.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: MediaMonkey 4.1.23 Denial of Service via Malformed URL", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformed-url"}], "credits": [{"lang": "en", "value": "Alejandra S\u00e1nchez", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-02-14T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:23:52.441059Z", "id": "CVE-2019-25571", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:24:02.799Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25571", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:23:52.441059Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:23:57.983Z"}}], "cna": {"title": "MediaMonkey 4.1.23 Denial of Service via Malformed URL", "credits": [{"lang": "en", "type": "finder", "value": "Alejandra S\u00e1nchez"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Mediamonkey", "product": "MediaMonkey", "versions": [{"status": "affected", "version": "4.1.23.1881"}]}], "datePublic": "2019-02-14T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46378", "name": "ExploitDB-46378", "tags": ["exploit"]}, {"url": "https://www.mediamonkey.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exe", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformed-url", "name": "VulnCheck Advisory: MediaMonkey 4.1.23 Denial of Service via Malformed URL", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-226", "description": "Sensitive Information in Resource Not Removed Before Reuse"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-21T12:47:10.769Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25571", "state": "PUBLISHED", "dateUpdated": "2026-03-23T16:24:02.799Z", "dateReserved": "2026-03-21T12:38:23.575Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-21T12:47:10.769Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ventismedia:mediamonkey:4.1.23.1881:*:*:*:*:windows:*:*", "matchCriteriaId": "9775D85A-1A25-482E-AB2D-B40E37061C2E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog."}, {"lang": "es", "value": "MediaMonkey 4.1.23 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales colapsar la aplicaci\u00f3n al abrir un archivo MP3 especialmente dise\u00f1ado que contiene una cadena de URL excesivamente larga. Los atacantes pueden crear un archivo MP3 malicioso con un b\u00fafer que contiene 4000 bytes de datos adjuntos a una URL, lo que hace que la aplicaci\u00f3n colapse cuando el archivo se abre a trav\u00e9s del di\u00e1logo Archivo > Abrir URL."}], "id": "CVE-2019-25571", "lastModified": "2026-03-24T20:41:40.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-21T13:16:21.017", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46378"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.mediamonkey.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exe"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformed-url"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-226"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.1.23.1881"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MediaMonkey", "source": "cna", "vendor": "Mediamonkey"}, "product": "mediamonkey", "vendor": "mediamonkey"}], "analysis": {"en": {"generated_at": "2026-03-24T21:55:54.106301+00:00", "value": {"mitigation_remediation": ["Apply the latest MediaMonkey release from the vendor\u2019s official website, which includes a fix for the URL parsing issue.", "If a patch is not immediately available, disable the File\u00a0>\u00a0Open URL feature or restrict its use to trusted accounts only.", "Rename or delete any malicious MP3 files that contain unusually long URL strings until a patch is applied.", "Verify that antivirus or sandboxing solutions are enabled to prevent accidental execution of suspicious media files.", "Monitor vendor security advisories for updates and apply patches as soon as they appear."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Only the specific build of MediaMonkey 4.1.23.1881 for Windows, distributed by VentisMedia, is affected. No other versions or platforms are listed as vulnerable. The issue manifests when the File\u00a0>\u00a0Open URL dialog is invoked with a malicious file; therefore installing or running other MediaMonkey editions or non\u2011Windows systems is not documented as impacted.", "description_and_impact": "MediaMonkey releases a crash when a user opens a specially crafted MP3 file containing an excessively long URL string. The application fails during processing of this string, causing the program to terminate unexpectedly. The resulting loss of service interrupts the user\u2019s ability to manage music files, and the vulnerability falls under reference CWE-226, a denial\u2011of\u2011service weakness caused by improper handling of user\u2011supplied input.", "risk_and_exploitability": "The CVSS score of 6.9 reflects moderate severity, and the EPSS score of less than 1\u202f% indicates that exploit activity is currently rare. The vulnerability is not cataloged in CISA\u2019s KEV list. Attackers must have local access to the machine or persuade a user to open the malicious MP3, which means the vector is inferred as local or social engineering; no remote exploitation is documented. Consequently, the risk is that a victim\u2019s MediaMonkey instance may be unexpectedly terminated, impacting only the affected workstation."}}}}, "created": "2026-03-23T09:49:10.269257+00:00", "updated": "2026-03-25T14:47:12.707833+00:00", "vendors": ["mediamonkey", "mediamonkey$PRODUCT$mediamonkey"]}