MediaMonkey Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in MediaMonkey version 4.1.23.1881. This vulnerability allows local attackers to crash the application by opening a specially crafted MP3 file that contains an excessively long URL string. The malicious MP3 file can be created with a buffer of 4000 bytes appended to a URL, leading to the application's crash when the file is opened via the 'File > Open URL' dialog.
Impact
Exploitation of this vulnerability causes the MediaMonkey application to crash, disrupting any active media management or playback tasks.
Reproduction
To reproduce this vulnerability, create a Python script that generates an MP3 file with a long URL string. The script should append 4000 bytes of data to the URL, save it as 'PoC.mp3', and then open this file using the MediaMonkey application through the 'File > Open URL' dialog. The application will crash upon opening the crafted MP3 file.
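A defensive check for the condition described above, added here as an example and not taken from MediaMonkey or the original report: it flags URL-like strings in file contents that exceed a length bound, and shows the same bound applied to a URL input field. The 2048-byte threshold and the function names `find_overlong_urls` and `validate_url_input` are assumptions for illustration.

```python
import re

# Assumed threshold: URLs longer than this are flagged. The page's case
# appends 4000 bytes to a URL; 2048 is an illustrative cutoff, not a
# documented MediaMonkey limit.
MAX_URL_LEN = 2048

# A URL-like run: scheme, "://", then printable non-space ASCII bytes.
URL_RUN = re.compile(rb"[A-Za-z][A-Za-z0-9+.\-]{1,15}://[\x21-\x7e]+")


def find_overlong_urls(data: bytes, max_len: int = MAX_URL_LEN):
    """Return (offset, length, scheme) for each URL-like run over max_len."""
    hits = []
    for m in URL_RUN.finditer(data):
        length = m.end() - m.start()
        if length > max_len:
            scheme = m.group(0).split(b"://", 1)[0].decode("ascii").lower()
            hits.append((m.start(), length, scheme))
    return hits


def validate_url_input(text: str, max_len: int = MAX_URL_LEN) -> str:
    """Hypothetical gate for a URL field: reject oversized or control-character input."""
    if len(text.encode("utf-8")) > max_len:
        raise ValueError(f"URL exceeds {max_len} bytes")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        raise ValueError("URL contains control characters")
    return text


if __name__ == "__main__":
    # Constructed sample: a normal URL, then a URL with 4000 filler bytes.
    sample = b"ID3 http://example.test/a.mp3 \x00" + b"http://" + b"A" * 4000
    for offset, length, scheme in find_overlong_urls(sample):
        print(f"offset={offset} length={length} scheme={scheme}")
```

Running `find_overlong_urls` over files before they reach a media library gives a quick triage signal, while `validate_url_input` models the kind of length bound an application would enforce on the dialog input itself.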
