Lucene search

[email protected]CVE-2023-33693

HistoryJun 05, 2023 - 4:15 p.m.

CVE-2023-33693

2023-06-0516:15:09

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-33693

buffer overflow

easyplayerpro-win

dos

crafted xml file

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

tsingseeeasyplayerproRange3.2.19.0106–3.6.19.0823

CPENameOperatorVersion
tsingsee:easyplayerprotsingsee easyplayerprole3.6.19.0823

CPE	Name	Operator	Version
tsingsee:easyplayerpro	tsingsee easyplayerpro	le	3.6.19.0823

References

github.com/tsingsee/EasyPlayerPro-Win/blob/master/Src/C%2B%2B/EasyPlayerPro/xmlConfig.h

github.com/tsingsee/EasyPlayerPro-Win/pull/24

www.youtube.com/watch?v=K27nGHa-hTE&ab_channel=ErnestAng

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVE-2023-33693

prion1 cvelist1 nvd1