□ Overview
o KMPlayer has a Heap Based Buffer Overflow Vulnerability. This results in a memory corruption and remote code execution.
|
Vulerability Type
|
Impact
|
Severity
|
CVE ID
|
|
Heap Overflow
|
Code execution
|
High
|
CVE-2018-5200
|
□ Description
o KMPlayer has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
□ Affected Products
|
Product
|
Version
|
PlatForm
|
|
KMPlayer
|
4.2.2.15 and prior
|
Windows
|
□ Solution
o Update to patched release version(4.2.2.16)
□ Reference site
http://www.kmplayer.com/home
□ Acknowledgements
o Thanks to Daehee Jang for reporting this vulerability through KrCERT/CC's Vulnerability Reward Program.
|