Ease Audio Converter Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Ease Audio Converter version 5.30. The issue arises in the Audio Cutter function, where local attackers can crash the application by processing malformed MP4 files. Exploitation involves creating a crafted MP4 file with an oversized buffer, which can then be loaded through the Audio Cutter interface to trigger the application crash.

Impact

Exploitation of this vulnerability leads to a crash of the Ease Audio Converter application, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first run a Python script that creates a file named 'Evil.mp4' containing an oversized buffer. Then, open Ease Audio Converter 5.30 and select the Audio Cutter function. Load the 'Evil.mp4' file and proceed with the operation, which will result in the application crashing.