
Security Advisory Detail
CVE-2018-5200 | KMPlayer Heap Overflow vulnerability
2018.12.19

□ Overview

o KMPlayer has a heap-based buffer overflow vulnerability. This results in memory corruption and remote code execution.

| Vulnerability Type | Impact | Severity | CVE ID |
|---|---|---|---|
| Heap Overflow | Code execution | High | CVE-2018-5200 |

□ Description

o KMPlayer has a heap-based buffer overflow vulnerability that can be triggered with a crafted FLV file. More frame data is copied to heap memory than the size specified in the frame header, which results in memory corruption and remote code execution.
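
The length mismatch described above, as an added C example that is not KMPlayer's code and not part of the advisory: a hypothetical `flv_read_tag` helper sizes the heap buffer from the DataSize field of the FLV tag header and rejects any copy length that disagrees with it. The function names, the `frame_len` parameter standing in for the second length source, and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FLV_TAG_HEADER_LEN 11u /* TagType(1) DataSize(3) Timestamp(3+1) StreamID(3) */

/* Hypothetical helper (not KMPlayer code): copy one FLV tag payload to the heap.
 * frame_len is the length the demuxer intends to copy (assumed second length).
 * Returns 0 and sets *out, *out_len on success, -1 on malformed input. */
int flv_read_tag(const uint8_t *tag, size_t tag_len, size_t frame_len,
                 uint8_t **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (tag_len < FLV_TAG_HEADER_LEN) return -1;      /* truncated tag header */
    /* DataSize: 24-bit big-endian field at offset 1 of the tag header. */
    size_t data_size = ((size_t)tag[1] << 16) | ((size_t)tag[2] << 8) | tag[3];
    /* Overflow pattern: malloc(data_size) then memcpy(dst, src, frame_len)
     * with frame_len > data_size. Refuse any disagreement instead. */
    if (frame_len != data_size) return -1;
    if (data_size > tag_len - FLV_TAG_HEADER_LEN) return -1; /* input too short */
    uint8_t *dst = malloc(data_size ? data_size : 1);
    if (dst == NULL) return -1;
    memcpy(dst, tag + FLV_TAG_HEADER_LEN, data_size); /* bounded by the allocation */
    *out = dst; *out_len = data_size;
    return 0;
}

/* Constructed sample: video tag (0x09) declaring DataSize = 4, followed by 8 bytes. */
static const uint8_t SAMPLE_TAG[] = {
    0x09, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xAA, 0xBB, 0xCC, 0xDD, 0x11, 0x22, 0x33, 0x44 };

/* Returns the number of payload bytes copied, or -1 if the tag was rejected. */
int try_sample(size_t frame_len)
{
    uint8_t *p; size_t n;
    int rc = flv_read_tag(SAMPLE_TAG, sizeof SAMPLE_TAG, frame_len, &p, &n);
    free(p);
    return rc == 0 ? (int)n : -1;
}

int main(void)
{
    printf("frame_len=8: %d\nframe_len=4: %d\n", try_sample(8), try_sample(4));
    return 0;
}
```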


□ Affected Products

| Product | Version | Platform |
|---|---|---|
| KMPlayer | 4.2.2.15 and prior | Windows |

□ Solution

o Update to the patched release version (4.2.2.16)

□ Reference site

http://www.kmplayer.com/home

□ Acknowledgements

o Thanks to Daehee Jang for reporting this vulnerability through KrCERT/CC's Vulnerability Reward Program.