cbcvebase.

Gomlab Gom Player vulnerabilities

9 known vulnerabilities affecting gomlab/gom_player.

Total CVEs
9
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2009-1497P3CRITICALCVSS 9.3PoCv2.1.162009-05-01
CVE-2009-1497 [CRITICAL] CWE-119 CVE-2009-1497: Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 a Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.
nvd
CVE-2011-5162P3CRITICALCVSS 9.3PoCv2.1.33.50712012-09-15
CVE-2011-5162 [CRITICAL] CVE-2011-5162: Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execu Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.
nvd
CVE-2017-5881P3HIGHCVSS 7.8PoCv2.3.10.52662017-02-21
CVE-2017-5881 [HIGH] CWE-119 CVE-2017-5881: GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or p GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
nvd
CVE-2023-53875P3HIGHCVSS 8.8v2.3.90.53602025-12-15
CVE-2023-53875 [HIGH] CWE-319 CVE-2023-53875: GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer compo GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.
nvd
CVE-2013-7184P4MEDIUMCVSS 4.3PoC≤ 2.2.56.51582014-01-24
CVE-2013-7184 [MEDIUM] CWE-119 CVE-2013-7184: Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of servic Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
nvd
CVE-2013-5716P4MEDIUMCVSS 4.3PoC≤ 2.2.53.5169v2.0.6+27 more2013-09-09
CVE-2013-5716 [MEDIUM] CWE-20 CVE-2013-5716: Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
nvd
CVE-2013-5715P3CRITICALCVSS 10.0≤ 2.1.50.5145v2.0.6+26 more2013-09-09
CVE-2013-5715 [CRITICAL] CWE-119 CVE-2013-5715: Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vec Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors.
nvd
CVE-2023-53874P3CRITICALCVSS 9.8v2.3.90.53602025-12-15
CVE-2023-53874 [CRITICAL] CWE-120 CVE-2023-53874: GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input f GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.
nvd
CVE-2014-3899P4MEDIUMCVSS 4.3≤ 2.2.51.51492014-08-12
CVE-2014-3899 [MEDIUM] CVE-2014-3899: Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (lau Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file.
nvd