Description
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

The vulnerability is a buffer overflow in the Register dialog of WinMPG iPod Convert 3.0, allowing a local attacker to crash the application by typing an oversized string into the User Name and User Code fields. The resulting denial of service occurs only while the user runs the application; no persistence, privilege elevation, or data theft is described. The weakness is identified as CWE-787 (Improper Validation of Buffer Size or Buffer Overflow).

Affected Systems

Affected product is WinMPG iPod Convert 3.0, as noted by the vendors list. No detailed affected‑version information is provided beyond the product name, so all releases of this version are potentially vulnerable.

Risk and Exploitability

The CVSS base score of 6.9 indicates moderate severity. The EPSS score of less than 1% suggests a low likelihood of exploitation in the current threat landscape, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to have local access to a system running the application and the ability to paste a large payload into the user interface, which will terminate the application and possibly interrupt workflow. The risk is therefore limited to local denial of service but could be significant for critical operations relying on the application.

Generated by OpenCVE AI on March 17, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify if a vendor patch or update is available for WinMPG iPod Convert 3.0 and install it if found
  • If no patch is available, restrict local access to the application or disable the Register dialog if possible
  • Isolate the application in a virtual or containerised environment to contain crashes
  • Monitor system logs for repeated application crashes and review user privileges to minimise impact of potential exploits

Generated by OpenCVE AI on March 17, 2026 at 14:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Winmpg
Winmpg winmpg Ipod Convert
Vendors & Products Winmpg
Winmpg winmpg Ipod Convert

Wed, 11 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition.
Title WinMPG iPod Convert 3.0 Register Field Buffer Overflow DoS
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Winmpg Winmpg Ipod Convert
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:04:36.812Z

Reserved: 2026-02-23T13:57:15.136Z

Link: CVE-2019-25484

cve-icon Vulnrichment

Updated: 2026-03-11T19:22:33.470Z

cve-icon NVD

Status : Deferred

Published: 2026-03-11T19:16:02.560

Modified: 2026-04-15T14:56:45.970

Link: CVE-2019-25484

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:29:39Z

Weaknesses