Input validation error in GOM Player

#VU42595 Input validation error in GOM Player

Published: 2020-08-11

Vulnerability identifier: #VU42595

Vulnerability risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-5716

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
GOM Player
Client/Desktop applications / Multimedia software

Vendor: Gretech Corp.

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

GOM Player: 2.0.6 - 2.1.50.5145

External links
http://www.exploit-db.com/exploits/28080
http://www.securityfocus.com/bid/62173

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Input validation error in Gretech GOM Player