← voltar
CVE-2019-9133

KMPlayer Subtitles parser Heap Overflow Vulnerability

CVSS 7.8 HIGHEPSS 1.7%CWE-190
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.8EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
09 abr 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
Pandora.tv · KMPlayer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7/https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991