Description
When processing a subtitle-format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to an integer underflow and then to an out-of-bounds memory read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2018.12.24.14
All of
cpe:2.3:a:kmplayer:kmplayer:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
EPSS: 0.00126 (Low), percentile: 32%
CVSS3: 7.8 High
CVSS3: 5.5 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-190
CWE-191
Related vulnerabilities
CVSS3: 5.5
github
more than 3 years ago
When processing a subtitle-format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to an integer underflow and then to an out-of-bounds memory read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.