□ Overview
o KMPlayer has a integer underflow vulnerability. This results in a memory corruption and denial of service.
|
Vulerability Type
|
Impact
|
Severity
|
CVE ID
|
|
Integer underflow
|
Out-of-bound read/write
|
High
|
CVE-2019-9133
|
□ Description
o When processing subtitles format media file, KMPlayer doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.
□ Affected Product
|
Product
|
Version
|
PlatForm
|
|
KMPlayer
|
2018.12.24.14 and prior
|
Windows
|
□ Solution
o Update to patched release version(2019.03.28.01)
□ Reference site
http://www.kmplayer.com/pc
□ Acknowledgements
o Thanks to anhdaden of STARlabs for reporting this vulerability.
|