CVE-2023-37734
Published: 10 August 2023
Summary
CVE-2023-37734 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in EZ softmagic MP3 Audio Converter. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked at the 38.1st percentile by EPSS exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
EZ softmagic MP3 Audio Converter version 2.7.3.700 contains a buffer overflow vulnerability tracked as CVE-2023-37734 and assigned CWE-120. The flaw received a CVSS 3.1 score of 9.8 reflecting network attack vector, low complexity, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability.
Per the NVD vector, an unauthenticated remote attacker who can deliver crafted input to the converter can trigger the overflow, with arbitrary code execution or a denial-of-service condition on the affected host as the outcome. The NVD description does not name the input path. If, as is typical for a desktop audio converter, the overflow is reached by parsing a crafted file, exploitation in practice requires a victim to open that file in the converter, so the realistic attack surface is phishing or a shared file rather than an exposed network service, and the CVSS network vector should be read with that caveat.
The listed references point to a technical write-up and an older Exploit-DB entry but contain no official vendor advisory or patch information.
EPSS for the CVE rose from a low baseline to a peak of 0.1290 on 2025-01-22 before receding to the current value of 0.0017. EPSS is a predicted 30-day exploitation probability, not an observation of attacks, so this reflects a transient rise in predicted exploitation likelihood after disclosure rather than confirmed exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-41611
Vulnerability details
EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.
- CWE(s): CWE-120 (Classic Buffer Overflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Memory-safe managed code (bounds-checked arrays, no raw pointer copies) eliminates the unchecked native buffer copies that are the root cause of classic buffer overflows. Where the code is native, as a CWE-120 finding implies, the practical controls are bounds-checked copies on every attacker-controlled length, compiler stack protection, and, since the references cite no vendor patch, not opening untrusted audio files in the affected converter.
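The following is an added illustration of the CWE-120 pattern described in the Deeper analysis section and of the unchecked native copy named as the root cause above. It is not EZ softmagic's code, not the referenced proof-of-concept, and it does not reproduce the actual vulnerable code path, which the references on this page do not show. The frame layout (one length byte followed by text), the function names and the 32-byte title buffer are all assumptions chosen for the example. The vulnerable parser trusts a length read from the file; the hardened parser checks that length against both the destination buffer and the bytes actually present.

```c
/* Illustrative CWE-120 example (constructed; not the converter's code).
 * A length-prefixed text frame from an untrusted audio file is copied into
 * a fixed-size stack buffer. Frame format and names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 32

/* Constructed frame: data[0] is the declared text length, followed by text. */
typedef struct {
    const uint8_t *data;
    size_t size;
} frame_t;

/* Vulnerable: the length byte is attacker-controlled and never compared to
 * TITLE_MAX, so a frame declaring 200 bytes overruns 'title' on the stack. */
int parse_title_unsafe(const frame_t *f, char *out, size_t out_sz) {
    char title[TITLE_MAX];
    if (f->size < 1) return -1;
    size_t len = f->data[0];
    memcpy(title, f->data + 1, len);   /* no bounds check: classic overflow */
    title[len] = '\0';                 /* also out of bounds when len >= TITLE_MAX */
    snprintf(out, out_sz, "%s", title);
    return 0;
}

/* Hardened: reject any declared length that does not fit the buffer (with
 * room for the terminator) or exceeds the bytes actually in the frame. */
int parse_title_safe(const frame_t *f, char *out, size_t out_sz) {
    char title[TITLE_MAX];
    if (f->size < 1) return -1;
    size_t len = f->data[0];
    if (len >= TITLE_MAX) return -1;   /* would overflow 'title' */
    if (len > f->size - 1) return -1;  /* truncated frame: over-read */
    memcpy(title, f->data + 1, len);
    title[len] = '\0';
    snprintf(out, out_sz, "%s", title);
    return 0;
}

/* Build a constructed frame: length byte then 'len' copies of 'fill'.
 * Returns the frame size, or 0 if the caller's buffer is too small. */
size_t build_frame(uint8_t *buf, size_t buf_sz, uint8_t len, uint8_t fill) {
    if (buf_sz < (size_t)len + 1) return 0;
    buf[0] = len;
    memset(buf + 1, fill, len);
    return (size_t)len + 1;
}

/* A well-formed 5-byte title parses identically through both functions. */
int check_benign_frame(void) {
    uint8_t buf[64];
    char out_safe[TITLE_MAX], out_unsafe[TITLE_MAX];
    frame_t f = { buf, build_frame(buf, sizeof buf, 5, 'A') };
    return parse_title_safe(&f, out_safe, sizeof out_safe) == 0
        && parse_title_unsafe(&f, out_unsafe, sizeof out_unsafe) == 0
        && strcmp(out_safe, "AAAAA") == 0
        && strcmp(out_unsafe, "AAAAA") == 0;
}

/* A frame declaring 200 bytes is rejected by the hardened parser. The
 * unsafe parser is deliberately not called on it: it would smash the stack. */
int check_oversized_rejected(void) {
    uint8_t buf[256];
    char out[TITLE_MAX];
    frame_t f = { buf, build_frame(buf, sizeof buf, 200, 'A') };
    return parse_title_safe(&f, out, sizeof out) == -1;
}

/* A frame whose declared length exceeds the bytes present is also rejected,
 * which stops the over-read that a length-only check against TITLE_MAX misses. */
int check_truncated_rejected(void) {
    uint8_t buf[4] = { 10, 'x', 'y', 'z' };   /* claims 10 bytes, carries 3 */
    char out[TITLE_MAX];
    frame_t f = { buf, sizeof buf };
    return parse_title_safe(&f, out, sizeof out) == -1;
}

int main(void) {
    printf("benign frame parses:      %d\n", check_benign_frame());
    printf("oversized frame rejected: %d\n", check_oversized_rejected());
    printf("truncated frame rejected: %d\n", check_truncated_rejected());
    return 0;
}
```

The second check in the hardened parser matters as much as the first: a converter that validates the declared length only against its own buffer will still read past the end of a short file, which is a separate CWE-120-adjacent bug (over-read rather than overflow). Compiling with `-fstack-protector-strong` and running under AddressSanitizer would turn the unsafe parser's overrun into an immediate crash during testing rather than a silent corruption.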