Subtitle Processing Integer Underflow Vulnerability in KMPlayer 2018.12.24.14 or Lower

CVE-2019-9133 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.

Learn more about our User Device Pen Test.