Search criteria
4 vulnerabilities by pandora
CVE-2024-41200 (GCVE-0-2024-41200)
Vulnerability from cvelistv5 – Published: 2024-08-05 00:00 – Updated: 2024-11-05 21:22
VLAI
Summary
A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
Severity
5.5 (Medium)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T21:04:23.173420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:22:22.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:04:10.177Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/SecZone-SFuzz/3cf2d8b50ffe4b4951c193d8c0cd65a9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41200",
"datePublished": "2024-08-05T00:00:00.000Z",
"dateReserved": "2024-07-18T00:00:00.000Z",
"dateUpdated": "2024-11-05T21:22:22.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1745 (GCVE-0-2023-1745)
Vulnerability from cvelistv5 – Published: 2023-03-30 23:00 – Updated: 2024-08-02 05:57
VLAI
Title
KMPlayer SHFOLDER.dll uncontrolled search path
Summary
A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.
Severity
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.224633 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.224633 | signaturepermissions-required |
| https://github.com/10cksYiqiyinHangzhouTechnology… | exploit |
| https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv… | exploit |
| https://youtu.be/7bh2BQOqxFo | media-coverage |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.224633"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.224633"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://youtu.be/7bh2BQOqxFo"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KMPlayer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.2.2.73"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "10cksYiqiyinHangzhouTechnology (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in KMPlayer 4.2.2.73 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess in der Bibliothek SHFOLDER.dll. Mit der Manipulation mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T14:13:37.347Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.224633"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.224633"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1bdYaDmtWhnjaHkzv3bZ4PUSMzDJ8JjSV/view"
},
{
"tags": [
"media-coverage"
],
"url": "https://youtu.be/7bh2BQOqxFo"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-20T16:17:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "KMPlayer SHFOLDER.dll uncontrolled search path"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1745",
"datePublished": "2023-03-30T23:00:05.358Z",
"dateReserved": "2023-03-30T19:26:17.934Z",
"dateUpdated": "2024-08-02T05:57:25.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5200 (GCVE-0-2018-5200)
Vulnerability from cvelistv5 – Published: 2018-12-20 14:00 – Updated: 2024-09-16 23:25
VLAI
Title
KMPlayer Heap Overflow Vulnerability
Summary
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
Severity
CWE
- Heap based overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pandora.tv | KMPlayer |
Affected:
KMPlayer , ≤ 4.2.2.15
(custom)
|
Date Public
2018-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86, x64"
],
"product": "KMPlayer",
"vendor": "Pandora.tv",
"versions": [
{
"lessThanOrEqual": "4.2.2.15",
"status": "affected",
"version": "KMPlayer",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap based overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T13:57:01.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113"
}
],
"title": "KMPlayer Heap Overflow Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2018-12-19T08:30:00.000Z",
"ID": "CVE-2018-5200",
"STATE": "PUBLIC",
"TITLE": "KMPlayer Heap Overflow Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KMPlayer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86, x64",
"version_affected": "\u003c=",
"version_name": "KMPlayer",
"version_value": "4.2.2.15"
}
]
}
}
]
},
"vendor_name": "Pandora.tv"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap based overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2018-5200",
"datePublished": "2018-12-20T14:00:00.000Z",
"dateReserved": "2018-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:25:26.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3194 (GCVE-0-2017-3194)
Vulnerability from cvelistv5 – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
VLAI
Summary
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
Severity
No CVSS data available.
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/342303 | third-party-advisoryx_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/collection/X… | x_refsource_MISC |
| http://www.securityfocus.com/bid/97158 | vdb-entryx_refsource_BID |
| https://www.scmagazine.com/pandora-apple-app-vuln… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pandora Media, Inc. | Pandora iOS App |
Affected:
Prior to 8.3.2
|
Date Public
2017-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#342303",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/342303"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018"
},
{
"name": "97158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97158"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pandora iOS App",
"vendor": "Pandora Media, Inc.",
"versions": [
{
"status": "affected",
"version": "Prior to 8.3.2"
}
]
}
],
"datePublic": "2017-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T13:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#342303",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/342303"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018"
},
{
"name": "97158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97158"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora iOS App",
"version": {
"version_data": [
{
"version_value": "Prior to 8.3.2"
}
]
}
}
]
},
"vendor_name": "Pandora Media, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#342303",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/342303"
},
{
"name": "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018"
},
{
"name": "97158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97158"
},
{
"name": "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/",
"refsource": "MISC",
"url": "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3194",
"datePublished": "2017-12-15T14:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}