Security Advisory Detail
CVE-2019-9133 | KMPlayer Subtitles parser integer underflow vulnerability
2019.04.05

□ Overview

o KMPlayer has an integer underflow vulnerability. This results in memory corruption and denial of service.

| Vulnerability Type | Impact | Severity | CVE ID |
|---|---|---|---|
| Integer underflow | Out-of-bounds read/write | High | CVE-2019-9133 |

□ Description

o When processing a subtitle-format media file, KMPlayer does not check the object size correctly, which leads to an integer underflow and then to an out-of-bounds memory read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.
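
The bug class described above, shown as an added illustration (not KMPlayer's code and not part of this advisory): an unchecked size subtraction beside the validated form. The record layout (2-byte tag, 2-byte little-endian total length that includes the 4-byte header), the function names and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE 4u  /* assumed layout: 2-byte tag + 2-byte total length (LE) */

/* Read the record's declared total length (header + payload). */
static size_t declared_len(const uint8_t *rec) {
    return (size_t)rec[2] | ((size_t)rec[3] << 8);
}

/* Flawed pattern: trusts the declared length. If it is smaller than the
 * header, the unsigned subtraction wraps to a value near SIZE_MAX, which a
 * later copy would use as its byte count. */
size_t payload_len_unchecked(const uint8_t *rec) {
    return declared_len(rec) - HDR_SIZE;
}

/* Hardened pattern: validate before subtracting, then bound the result by
 * both the bytes actually available and the destination capacity.
 * Returns the payload length copied, or -1 if the record is rejected. */
long parse_record_checked(const uint8_t *rec, size_t avail,
                          uint8_t *out, size_t out_cap) {
    if (avail < HDR_SIZE) return -1;   /* header itself is truncated */
    size_t total = declared_len(rec);
    if (total < HDR_SIZE) return -1;   /* subtraction would underflow */
    if (total > avail) return -1;      /* claims more bytes than are present */
    size_t n = total - HDR_SIZE;       /* safe: total >= HDR_SIZE */
    if (n > out_cap) return -1;        /* would overrun the destination */
    memcpy(out, rec + HDR_SIZE, n);
    return (long)n;
}

/* Constructed sample records, not taken from any real file. */
static const uint8_t good_rec[] = { 'S', 'T', 0x07, 0x00, 'a', 'b', 'c' };
static const uint8_t bad_rec[]  = { 'S', 'T', 0x02, 0x00 };  /* length < header */

int main(void) {
    uint8_t out[16];
    printf("unchecked length, bad record: %zu\n", payload_len_unchecked(bad_rec));
    printf("checked parse, bad record:    %ld\n",
           parse_record_checked(bad_rec, sizeof bad_rec, out, sizeof out));
    printf("checked parse, good record:   %ld\n",
           parse_record_checked(good_rec, sizeof good_rec, out, sizeof out));
    return 0;
}
```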

 

□ Affected Product

| Product | Version | Platform |
|---|---|---|
| KMPlayer | 2018.12.24.14 and prior | Windows |

□ Solution

o Update to the patched release version (2019.03.28.01).

□ Reference site

http://www.kmplayer.com/pc

 

□ Acknowledgements

o Thanks to anhdaden of STARlabs for reporting this vulnerability.