| Summary: | media-video/kmplayer: processing subtitles format media leads to memory out-of-bound read/write | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | media-video |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1698369 | ||
| Whiteboard: | B2 [upstream/ebuild] | ||
| Package list: | Runtime testing required: | --- | |

That's not KDE software and probably nothing Gentoo has in its repositories. Closing as invalid: This is not for media-video/kmplayer or any other package in Gentoo.

From ${URL} :

When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.

Reference:
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34991

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.