2 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3

A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc https://vuldb.com/?ctiid.224633 https://vuldb.com/?id.224633 https://youtu.be/7bh2BQOqxFo • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. Al procesar archivos multimedia en formato de subtítulos, KMPlayer versión 2018.12.24.14 o anterior, no comprueba el tamaño del objeto correctamente, lo que conduce al subdesbordamiento de enteros y luego la lectura/escritura de la memoria fuera del limite. Un atacante puede explotar este problema induciendo a un usuario desprevenido para abrir un archivo malicioso. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D55BLGBNWNIMNI5N57WDPAFQCUIM6XX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT5HBIKH64YRZFFAPXGOTHIQJHSTQJF7 https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991 • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •