Lyric Video Creator Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in Lyric Video Creator version 2.1. This issue allows attackers to crash the application by using malformed MP3 files. The vulnerability arises when the application processes these crafted files, which contain oversized buffers, leading to a crash. Attackers can exploit this vulnerability by opening the malicious MP3 files through the application's 'Browse song' feature.
Impact
Exploitation of this vulnerability causes the application to crash, disrupting any ongoing tasks or processes within Lyric Video Creator.
Reproduction
To reproduce this vulnerability, first create a MP3 file with an oversized buffer using a Python script. This file will simulate the malformed MP3 that triggers the denial-of-service condition. Once the file is created, open Lyric Video Creator and use the 'Browse song' button to select the crafted MP3 file. Upon opening the file, the application will crash, demonstrating the denial-of-service vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.