Lucene search

[email protected]CVE-2009-2896

HistoryAug 20, 2009 - 5:30 p.m.

CVE-2009-2896

2009-08-2017:30:11

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-2896

buffer overflow

kmplayer

denial of service

remote attackers

arbitrary code

srt playlist

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.092 Low

EPSS

Percentile

94.7%

JSON

Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

kdekmplayerRange≤2.9.4.1433

kdekmplayerMatch2.9.3.1210

CPENameOperatorVersion
kde:kmplayerkde kmplayerle2.9.4.1433
kde:kmplayerkde kmplayereq2.9.3.1210

CPE	Name	Operator	Version
kde:kmplayer	kde kmplayer	le	2.9.4.1433
kde:kmplayer	kde kmplayer	eq	2.9.3.1210

References

www.exploit-db.com/exploits/9220

www.securityfocus.com/bid/35745

www.vupen.com/english/advisories/2009/1959

exchange.xforce.ibmcloud.com/vulnerabilities/51882

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.092 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2009-2896

nvd1 cvelist1 prion1