Security Advisory | KrCERT/CC - KISA 인터넷 보호나라&KrCERT

본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

KrCERT/CC

Security Advisory

home

CVE-2019-9133 | KMPlayer Subtitles parser integer underflow vulnerability2019.04.05

□ Overview

o KMPlayer has a integer underflow vulnerability. This results in a memory corruption and denial of service.

Vulerability Type	Impact	Severity	CVE ID
Integer underflow	Out-of-bound read/write	High	CVE-2019-9133

□ Description

o When processing subtitles format media file, KMPlayer doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.

□ Affected Product

Product	Version	PlatForm
KMPlayer	2018.12.24.14 and prior	Windows

□ Solution

o Update to patched release version(2019.03.28.01)

□ Reference site

http://www.kmplayer.com/pc

□ Acknowledgements

o Thanks to anhdaden of STARlabs for reporting this vulerability.

트위터 페이스북

다음글 CVE-2019-9134 | SoliedoSystems Architectural Information System Stack Overflow Vulnerability 2019.04.05
이전글 CVE-2019-9132 | KaKaoTalk PC Messenger Remote Code Execution 2019.03.27

개인정보처리방침 FAQ 해킹·스팸개인정보침해 신고는 118

네이버 블로그

KISA 인터넷 보호나라&KrCERT

[나주본원] (58324) 전라남도 나주시 진흥길 9 한국인터넷진흥원 대표번호 : 1433-25(수신자 요금 부담)

[서울청사] (05717) 서울시 송파구 중대로 135 (가락동) IT벤처타워 [해킹ㆍ스팸개인정보침해 신고 118]

Copyright(C) 2021 KISA. All rights reserved.