A-PDF WAV to MP3 Stack-based Buffer Overflow
Description
A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in A-PDF WAV to MP3 v1.0.0 allows arbitrary code execution via a crafted .m3u file.
Vulnerability
A-PDF WAV to MP3 version 1.0.0 contains a stack-based buffer overflow (CWE-121) when processing a specially crafted .m3u file. The vulnerability exists in the file import functionality and is triggered upon opening the malicious playlist.[1]
Exploitation
An attacker must craft a malicious .m3u file and persuade a user to open it with the vulnerable application. No additional privileges or network access are required; the exploit runs in the context of the user. The Rapid7 Metasploit module exploit/windows/fileformat/a_pdf_wav_to_mp3 provides a working payload for arbitrary code execution.[1]
Impact
Successful exploitation results in arbitrary code execution at the user's privilege level. An attacker can gain full control over the affected system, including data exfiltration, installation of malware, or further lateral movement.[1]
Mitigation
No official patch or fixed version has been released. The software appears to be end-of-life and unsupported. Users should avoid opening .m3u files from untrusted sources and consider migrating to alternative tools. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.[1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 1.0.0
- A-PDF/WAV to MP3v5Range: 1.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.rapid7.com/db/modules/exploit/windows/fileformat/a_pdf_wav_to_mp3mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.