CVE-2023-53874 — CRITICAL (9.8)

Vulnerability Description

GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gomlab	Gom Player	2.3.90.5360

Related Weaknesses (CWE)

CWE-120

References

https://www.exploit-db.com/exploits/51724ExploitThird Party AdvisoryVDB Entry
https://www.gomlab.comProduct
https://www.vulncheck.com/advisories/gom-player-buffer-overflow-via-equalizer-prThird Party Advisory
https://www.exploit-db.com/exploits/51724ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2023-53874?

CVE-2023-53874 is a vulnerability with a CVSS score of 9.8 (CRITICAL). GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 26...

How severe is CVE-2023-53874?

CVE-2023-53874 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-53874?

Check the references section above for vendor advisories and patch information. Affected products include: Gomlab Gom Player.