Vulnerability in Lyricvideocreator Lyric Video Creator

CVE-2019-25560

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by…

EPSS: 0.001 (23.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Lyricvideocreator Lyric Video Creator — versions 2.1

Weakness classification (CWE)

CWE-226 — Sensitive Information in Resource Not Removed Before Reuse

References

ExploitDB-46816 (exploit)
Official Product Homepage (product)
Product Reference (product)
VulnCheck Advisory: Lyric Video Creator 2.1 Denial of Service via MP3 File (third-party-advisory)

Frequently asked questions

What is CVE-2019-25560?: CVE-2019-25560 is a high-severity vulnerability in Lyricvideocreator Lyric Video Creator, classified under Sensitive Information in Resource Not Removed Before Reuse. CVSS score: 7.5/10. Published 2026-03-21.
How severe is CVE-2019-25560?: High severity. CVSS v3 base score is 7.5 out of 10.