{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25484", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-23T13:57:15.136Z", "datePublished": "2026-03-11T18:23:21.665Z", "dateUpdated": "2026-04-07T14:04:36.812Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:04:36.812Z"}, "title": "WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS", "descriptions": [{"lang": "en", "value": "WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Winmpg", "product": "WinMPG iPod Convert", "versions": [{"version": "3.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/47131", "name": "ExploitDB-47131", "tags": ["exploit"]}, {"name": "VulnCheck Advisory: WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/winmpg-ipod-convert-register-field-buffer-overflow-dos"}], "credits": [{"lang": "en", "value": "stresser", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-07-17T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25484", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:56:46.916027Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:31:00.734Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25484", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:56:46.916027Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:22:33.470Z"}}], "cna": {"title": "WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS", "credits": [{"lang": "en", "type": "finder", "value": "stresser"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Winmpg", "product": "WinMPG iPod Convert", "versions": [{"status": "affected", "version": "3.0"}]}], "datePublic": "2019-07-17T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/47131", "name": "ExploitDB-47131", "tags": ["exploit"]}, {"url": "https://www.vulncheck.com/advisories/winmpg-ipod-convert-register-field-buffer-overflow-dos", "name": "VulnCheck Advisory: WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:04:36.812Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25484", "state": "PUBLISHED", "dateUpdated": "2026-04-07T14:04:36.812Z", "dateReserved": "2026-02-23T13:57:15.136Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-11T18:23:21.665Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition."}, {"lang": "es", "value": "WinMPG iPod Convert 3.0 contiene una vulnerabilidad de desbordamiento de b\u00fafer en el cuadro de di\u00e1logo de Registro que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una carga \u00fatil excesivamente grande. Los atacantes pueden pegar una cadena de caracteres larga en los campos de Nombre de Usuario y C\u00f3digo de Usuario para desencadenar una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2019-25484", "lastModified": "2026-04-15T14:56:45.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-11T19:16:02.560", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/47131"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/winmpg-ipod-convert-register-field-buffer-overflow-dos"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WinMPG iPod Convert", "source": "cna", "vendor": "Winmpg"}, "product": "winmpg_ipod_convert", "vendor": "winmpg"}], "analysis": {"en": {"generated_at": "2026-03-17T14:37:42.162287+00:00", "value": {"mitigation_remediation": ["Verify if a vendor patch or update is available for WinMPG iPod Convert 3.0 and install it if found", "If no patch is available, restrict local access to the application or disable the Register dialog if possible", "Isolate the application in a virtual or containerised environment to contain crashes", "Monitor system logs for repeated application crashes and review user privileges to minimise impact of potential exploits"], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected product is WinMPG iPod Convert 3.0, as noted by the vendors list. No detailed affected\u2011version information is provided beyond the product name, so all releases of this version are potentially vulnerable.", "description_and_impact": "The vulnerability is a buffer overflow in the Register dialog of WinMPG iPod Convert 3.0, allowing a local attacker to crash the application by typing an oversized string into the User Name and User Code fields. The resulting denial of service occurs only while the user runs the application; no persistence, privilege elevation, or data theft is described. The weakness is identified as CWE-787 (Improper Validation of Buffer Size or Buffer Overflow).", "risk_and_exploitability": "The CVSS base score of 6.9 indicates moderate severity. The EPSS score of less than 1% suggests a low likelihood of exploitation in the current threat landscape, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to have local access to a system running the application and the ability to paste a large payload into the user interface, which will terminate the application and possibly interrupt workflow. The risk is therefore limited to local denial of service but could be significant for critical operations relying on the application."}}}}, "created": "2026-03-12T09:57:04.838164+00:00", "updated": "2026-03-20T15:29:39.695051+00:00", "vendors": ["winmpg", "winmpg$PRODUCT$winmpg_ipod_convert"]}