CVE-2019-25318

HIGH 8.8

AVS Audio Converter 9.1.2.600 - Stack Overflow

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.

CWE	CWE-121
Vendor	avs4you
Product	avs audio converter
Published	Feb 12, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for avs4you avs audio converter

Be the first to know when new high vulnerabilities affecting avs4you avs audio converter are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Avs4You / AVS Audio Converter

9.1.2.600

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47810 avs4you.com: http://www.avs4you.com/ exploit-db.com: https://www.exploit-db.com/exploits/47788 vulncheck.com: https://www.vulncheck.com/advisories/avs-audio-converter-stack-overflow

Credits

boku