Lucene search

[email protected]NVD:CVE-2023-33693

HistoryJun 05, 2023 - 4:15 p.m.

CVE-2023-33693

2023-06-0516:15:09

CWE-787

[email protected]

web.nvd.nist.gov

buffer overflow

easyplayerpro-win

denial of service

crafted xml file

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.3%

JSON

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

tsingseeeasyplayerproRange3.2.19.0106–3.6.19.0823

References

github.com/tsingsee/EasyPlayerPro-Win/blob/master/Src/C%2B%2B/EasyPlayerPro/xmlConfig.h

github.com/tsingsee/EasyPlayerPro-Win/pull/24

www.youtube.com/watch?v=K27nGHa-hTE&ab_channel=ErnestAng

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2023-33693

cve1 cvelist1 prion1