Description
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash.
Published: 2026-03-11
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

InputMapper 1.6.10 contains a buffer overflow in the username field that crashes the application when a local attacker supplies an overly long string and triggers processing. The record classifies the weakness as CWE‑770 (Allocation of Resources Without Limits or Throttling). The result is a local denial of service; confidentiality and integrity are not affected, and no remote code execution is described.

Affected Systems

The affected product is InputMapper from DSD Consulting Services LLC. The only release identified as vulnerable is 1.6.10; no other affected versions are explicitly listed.

Risk and Exploitability

The CVSS v4.0 score of 6.7 indicates moderate severity (the v3.1 score is 5.5). The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of widespread exploitation. The attack vector is local and requires user interaction: the overlong string has to be entered into the username field on the affected machine to trigger the crash. No steps for privilege escalation or remote exploitation are described in the data.

Generated by OpenCVE AI on March 17, 2026 at 14:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Determine the current InputMapper version on each system.
  • Check the vendor’s website or support portal for a patch or newer release that removes the overlong username handling flaw.
  • Apply the official patch or upgrade to a non‑vulnerable InputMapper version.
  • If no patch is available, restrict local user access to the InputMapper application or run it in a sandboxed environment.
  • Restart the application after any change and monitor for stability.


Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Added: Dsd Consulting Services; Dsd Consulting Services inputmapper

Type: Vendors & Products
Values Added: Dsd Consulting Services; Dsd Consulting Services inputmapper

Wed, 11 Mar 2026 20:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 18:45:00 +0000

Type: Description
Values Added: InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash.

Type: Title
Values Added: InputMapper 1.6.10 Local Denial of Service via Username Field

Type: Weaknesses
Values Added: CWE-770

Type: References

Type: Metrics
Values Added:
cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
cvssV4_0 {'score': 6.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:04:23.260Z

Reserved: 2026-02-22T14:03:45.532Z

Link: CVE-2019-25464

Vulnrichment

Updated: 2026-03-11T19:23:10.535Z

NVD

Status: Deferred

Published: 2026-03-11T19:15:59.457

Modified: 2026-04-15T14:56:45.970

Link: CVE-2019-25464

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:29:54Z

Weaknesses