CVE-2018-5200

EUVD-2018-16985
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
krcertCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
pandorakmplayer
𝑥
≤ 4.2.2.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113