CVE-2019-25560 HIGH

CVE-2019-25560: Lyric Video Creator 2.1 Denial of Service via MP3 File

Vendor Lyricvideocreator
Product Lyric Video Creator
Weakness CWE-226
Published March 21, 2026
Last update March 23, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality.

Key dates

02Disclosure timeline

March 21, 2026 CVE published
March 23, 2026 Record updated