Cyber Resilience

CVE-2023-37734

Critical · Public PoC

Published: 10 August 2023
Modified: 21 November 2024
KEV Added: not listed
Patch: none referenced
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0017 (38.1st percentile)
Risk priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-37734 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in EZ softmagic MP3 Audio Converter 2.7.3.700. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, it ranks at the 38.1st percentile for exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

Deeper analysis

EZ softmagic MP3 Audio Converter version 2.7.3.700 contains a buffer overflow vulnerability tracked as CVE-2023-37734 and assigned CWE-120. The flaw received a CVSS 3.1 score of 9.8 reflecting network attack vector, low complexity, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability.

Per the CVSS vector, an unauthenticated remote attacker can supply a crafted input file or network payload that triggers the overflow, enabling arbitrary code execution or a denial-of-service condition in the affected converter. Note that the NVD description (under Vulnerability details below) states only that the product "was discovered to contain a buffer overflow"; the remote, unauthenticated framing comes from the CVSS vector alone, not from a documented attack path, so treat the practical exposure as whatever path delivers attacker-controlled input to the converter.

The listed references point to a technical write-up and an older Exploit-DB entry but contain no official vendor advisory or patch information.

EPSS for the CVE rose from a low baseline to a peak of 0.1290 on 2025-01-22, roughly seventeen months after disclosure, before receding to the current value of 0.0017. EPSS is a modelled probability of exploitation, not observed exploitation, so the peak indicates a period in which the model rated exploitation as markedly more likely, not confirmed attacks.

Vulnerability details

EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.

CWE(s)

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: ezsoftmagic
Product: mp3 audio converter
Version: 2.7.3.700

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type (CWE) cited in the NVD entry.

Addresses CWE-120: platform-independent managed code eliminates the unchecked native buffer copies that are the root cause of classic buffer overflows. This is a developer-side control; it is not actionable by a user of the shipped native binary. With no vendor patch referenced, the practical options for deployed installations are to stop feeding untrusted input to version 2.7.3.700 or to remove it.
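As an added example, not code from EZ softmagic, from the referenced PoC, or from this page: the unchecked native copy that CWE-120 names, of the kind the crafted-input paragraph under Deeper analysis describes, beside the bounded rewrite that the "managed code" control above reasons about. The tag-field layout ([u8 len][len bytes of text]), the function names, the constants and the sample fields are assumptions made for illustration; the converter's real parser is not public here.

```c
/* Added example (not from EZ softmagic, the PoC, or this page): a CWE-120
 * buffer copy of the kind the advisory describes, beside a bounded rewrite.
 * The tag-field layout is a constructed, hypothetical format for
 * illustration only, not the converter's real parser. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 32   /* fixed on-stack buffer, as in many native parsers */

/* Constructed field layout: [u8 len][len bytes of text]. */

/* VULNERABLE (CWE-120): the length byte comes from the file and sizes a
 * memcpy into a fixed buffer with no comparison against that buffer.
 * A len of 200 writes 169 bytes past the end of title[]. It is shown only
 * to illustrate the bug; call it with short, trusted input only. */
int read_title_unchecked(const uint8_t *field, size_t field_len, char *out)
{
    char title[TITLE_MAX];
    if (field_len < 1)
        return -1;
    size_t len = field[0];
    memcpy(title, field + 1, len);   /* no bounds check: stack overflow */
    title[len] = '\0';
    strcpy(out, title);              /* same defect, propagated to caller */
    return (int)len;
}

/* HARDENED: validate the declared length against both the bytes actually
 * present and the destination size before any copy happens. */
int read_title_checked(const uint8_t *field, size_t field_len,
                       char *out, size_t out_len)
{
    if (field == NULL || out == NULL || field_len < 1 || out_len == 0)
        return -1;                   /* malformed call or empty field */
    size_t len = field[0];
    if (len > field_len - 1)
        return -2;                   /* declared length exceeds data present (truncated file) */
    if (len >= out_len)
        return -3;                   /* would overflow out[] (no room for the NUL) */
    memcpy(out, field + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed sample fields. */
static const uint8_t BENIGN_FIELD[]    = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t TRUNCATED_FIELD[] = { 10, 'a', 'b', 'c' };

/* Builds a field whose length byte (200) exceeds TITLE_MAX: the shape a
 * crafted file would use against the unchecked parser. Returns the
 * field's total size in bytes, or 0 if buf is too small. */
size_t build_oversized_field(uint8_t *buf, size_t buf_len)
{
    const size_t payload = 200;
    if (buf_len < payload + 1)
        return 0;
    buf[0] = (uint8_t)payload;
    memset(buf + 1, 'A', payload);
    return payload + 1;
}

/* Runs the hardened parser over the oversized field and returns its code. */
int checked_result_for_oversized(void)
{
    uint8_t field[256];
    char out[TITLE_MAX];
    size_t n = build_oversized_field(field, sizeof field);
    return read_title_checked(field, n, out, sizeof out);
}

int main(void)
{
    char out[TITLE_MAX];
    int rc = read_title_checked(BENIGN_FIELD, sizeof BENIGN_FIELD, out, sizeof out);
    printf("benign    -> %d (%s)\n", rc, out);
    rc = read_title_checked(TRUNCATED_FIELD, sizeof TRUNCATED_FIELD, out, sizeof out);
    printf("truncated -> %d\n", rc);
    printf("oversized -> %d (rejected before any copy)\n", checked_result_for_oversized());
    /* read_title_unchecked() on the oversized field would corrupt the stack,
     * so it is deliberately not exercised here. */
    return 0;
}
```

Build with `cc -Wall -Wextra` and run. The hardened parser separates the two failure modes a file parser meets in practice: a declared length longer than the data present (a truncated or lying header, code -2) and a declared length longer than the destination (the CWE-120 case, code -3); both are rejected before `memcpy` runs. A managed runtime would throw at the unchecked copy instead of silently overrunning the stack, which is what the control above refers to, but that only helps when the vendor builds the converter that way; a user cannot retrofit it onto the shipped native binary.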
