Heap Based Buffer Overflow Vulnerability in KMPlayer 4.2.2.15 and Earlier: Remote Code Execution via Crafted FLV Format File

Heap Based Buffer Overflow Vulnerability in KMPlayer 4.2.2.15 and Earlier: Remote Code Execution via Crafted FLV Format File

CVE-2018-5200 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.

Learn more about our Web Application Penetration Testing UK.