CVE-2018-25383 Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

CVE-2018-25383 Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

CVE-2018-25383

CVE-2018-25383 affects Free MP3 CD Ripper 2.8. The vulnerability is a stack-based buffer overflow in WMA file processing within the Convert function, allowing a local attacker to bypass DEP via SEH manipulation and execute arbitrary code (via a ROP chain and shellcode injection). The impact is lo...

OPENSUSE-SU-2026:20821-1 Security update for localsearch

This update for localsearch fixes the following issues: - CVE-2026-1764: Fixed a heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files. bsc1257606 - CVE-2026-1765: Fixed a Denial of Service and potential information disclosure via crafted MP3 files...

Astra Linux - уязвимость в liblivemedia

Live555 suffers from 1.08, which mishandles large requests for the same MP3 stream, leading to recursion and excessive buffer overflows based on the stack mechanism. An attacker can exploit this vulnerability to launch a DoS attack...

MINI-8MP3-XQJQ-754C

Bulletin has no description...

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

Amazon Linux 2023 : tracker-miners (ALAS2023-2026-1580)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1580 advisory. A flaw was found in GNOME localsearch MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead ...

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

CVE-2026-39647

CVE-2026-39647 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin “MP3 Audio Player for Music, Radio & Podcast by Sonaar”, affected through version 5.11. The connected records confirm the issue is SSRF and affect the plugin with versions up to 5.11. No remediation details are ...

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

PT-2026-31211

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

WordPress plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-34981 whisperX REST API: SSRF in download_from_url() — URL validation happens after HTTP request, extension bypass via .mp3

The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...

CVE-2026-34981

The whisperX REST API contains an SSRF vulnerability in FileService.download_from_url() (affecting 0.3.1–0.5.0) where a request is made with no URL validation; the file extension check runs after the HTTP request and can be bypassed by appending .mp3 to an internal URL. The /speech-to-text-url en...

PT-2026-30677

The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.download from url in app/services/file service.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...

CVE-2019-25474

Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application...

CVE-2019-25616

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition...

CVE-2019-25616 AnMing MP3 CD Burner 2.0 Local Denial of Service

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition...

CVE-2019-25616 AnMing MP3 CD Burner 2.0 Local Denial of Service

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition...