Vulnerability Details CVE-2018-5200
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.3%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 6.8
References
Products affected by CVE-2018-5200
-
cpe:2.3:a:pandora:kmplayer:2.9.1.1043
-
cpe:2.3:a:pandora:kmplayer:2.9.1.1045
-
cpe:2.3:a:pandora:kmplayer:2.9.2.1100
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1210
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1227
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1234
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1243
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1250
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1254
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1262
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1272
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1275
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1279
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1284
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1428
-
cpe:2.3:a:pandora:kmplayer:2.9.3.1430
-
cpe:2.3:a:pandora:kmplayer:2.9.4.1436
-
cpe:2.3:a:pandora:kmplayer:2.9.4.1437
-
cpe:2.3:a:pandora:kmplayer:3.0.0.1438
-
cpe:2.3:a:pandora:kmplayer:3.0.0.1439
-
cpe:2.3:a:pandora:kmplayer:3.0.0.1440
-
cpe:2.3:a:pandora:kmplayer:3.0.0.1441
-
cpe:2.3:a:pandora:kmplayer:3.0.0.1442
-
cpe:2.3:a:pandora:kmplayer:3.1.0.0
-
cpe:2.3:a:pandora:kmplayer:3.2.0.0
-
cpe:2.3:a:pandora:kmplayer:3.2.0.16
-
cpe:2.3:a:pandora:kmplayer:3.2.0.17
-
cpe:2.3:a:pandora:kmplayer:3.2.0.18
-
cpe:2.3:a:pandora:kmplayer:3.2.0.19
-
cpe:2.3:a:pandora:kmplayer:3.6.0.87
-
cpe:2.3:a:pandora:kmplayer:3.8.0.119
-
cpe:2.3:a:pandora:kmplayer:4.0.0.0
-
cpe:2.3:a:pandora:kmplayer:4.0.7.1
-
cpe:2.3:a:pandora:kmplayer:4.0.8.1
-
cpe:2.3:a:pandora:kmplayer:4.1.0.3
-
cpe:2.3:a:pandora:kmplayer:4.1.1.5
-
cpe:2.3:a:pandora:kmplayer:4.1.2.2
-
cpe:2.3:a:pandora:kmplayer:4.2.2.15