{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25464", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-22T14:03:45.532Z", "datePublished": "2026-03-11T18:23:09.187Z", "dateUpdated": "2026-04-07T14:04:23.260Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:04:23.260Z"}, "title": "InputMapper 1.6.10 Local Denial of Service via Username Field", "descriptions": [{"lang": "en", "value": "InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Allocation of Resources Without Limits or Throttling", "cweId": "CWE-770", "type": "CWE"}]}], "affected": [{"vendor": "DSD Consulting Services LLC.", "product": "InputMapper", "versions": [{"version": "1.6.10", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.7, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/47406", "name": "ExploitDB-47406", "tags": ["exploit"]}, {"url": "https://web.archive.org/web/20190324140557/https://inputmapper.com/", "name": "Archived InputMapper Webpage", "tags": ["product"]}, {"name": "VulnCheck Advisory: InputMapper 1.6.10 Local Denial of Service via Username Field", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/inputmapper-local-denial-of-service-via-username-field"}], "credits": [{"lang": "en", "value": "elkoyote07", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-09-23T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25464", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:44:59.502789Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:31:03.751Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25464", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:44:59.502789Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:23:10.535Z"}}], "cna": {"title": "InputMapper 1.6.10 Local Denial of Service via Username Field", "credits": [{"lang": "en", "type": "finder", "value": "elkoyote07"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "DSD Consulting Services LLC.", "product": "InputMapper", "versions": [{"status": "affected", "version": "1.6.10"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/47406", "name": "ExploitDB-47406", "tags": ["exploit"]}, {"url": "https://web.archive.org/web/20190324140557/https://inputmapper.com/", "name": "Archived InputMapper Webpage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/inputmapper-local-denial-of-service-via-username-field", "name": "VulnCheck Advisory: InputMapper 1.6.10 Local Denial of Service via Username Field", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-11T18:23:09.187Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25464", "state": "PUBLISHED", "dateUpdated": "2026-03-11T19:31:03.751Z", "dateReserved": "2026-02-22T14:03:45.532Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-11T18:23:09.187Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash."}, {"lang": "es", "value": "InputMapper 1.6.10 contiene una vulnerabilidad de desbordamiento de b\u00fafer en el campo de nombre de usuario que permite a atacantes locales bloquear la aplicaci\u00f3n al introducir una cadena excesivamente larga. Los atacantes pueden desencadenar una denegaci\u00f3n de servicio al copiar una carga \u00fatil grande en el campo de nombre de usuario y hacer doble clic para procesarla, lo que provoca que la aplicaci\u00f3n se bloquee."}], "id": "CVE-2019-25464", "lastModified": "2026-04-15T14:56:45.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-11T19:15:59.457", "references": [{"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20190324140557/https://inputmapper.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/47406"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/inputmapper-local-denial-of-service-via-username-field"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.10"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "InputMapper", "source": "cna", "vendor": "DSD Consulting Services LLC."}, "product": "inputmapper", "vendor": "dsd_consulting_services"}], "analysis": {"en": {"generated_at": "2026-03-17T14:42:12.308597+00:00", "value": {"mitigation_remediation": ["Determine the current InputMapper version on each system.", "Check the vendor\u2019s website or support portal for a patch or newer release that removes the overlong username handling flaw.", "Apply the official patch or upgrade to a non\u2011vulnerable InputMapper version.", "If no patch is available, restrict local user access to the InputMapper application or run it in a sandboxed environment.", "Restart the application after any change and monitor for stability."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is InputMapper issued by DSD Consulting Services LLC. The specific vulnerable release is 1.6.10; no other affected versions are explicitly listed.", "description_and_impact": "InputMapper 1.6.10 contains a buffer overflow in the username field that causes the application to crash when a locally privileged attacker supplies an overly long string and triggers processing. The vulnerability is a classic example of resource exhaustion (CWE\u2011770), leading to a local denial of service without affecting confidentiality or integrity or allowing remote code execution.", "risk_and_exploitability": "The CVSS score of 6.7 indicates moderate severity. However, the EPSS score is below 1\u202f% and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of widespread exploitation. The attack vector is local; an attacker must run code on the affected machine to trigger the crash. No steps for privilege escalation or remote exploitation are described in the data."}}}}, "created": "2026-03-12T09:57:19.735548+00:00", "updated": "2026-03-20T15:29:54.384182+00:00", "vendors": ["dsd_consulting_services", "dsd_consulting_services$PRODUCT$inputmapper"]}