MidnightBSD

Advisories for gomlab

CVE-2012-1264 HIGH

Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gomlab gom_media_player *
CVE-2012-1774 HIGH

Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gomlab gom_media_player *
CVE-2013-5715 HIGH

Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gomlab gom_player 2.0.11
gomlab gom_player 2.1.15.4610
gomlab gom_player 2.1.28.5039
gomlab gom_player 2.0.6
gomlab gom_player 2.1.6
gomlab gom_player 2.1.39.5101
gomlab gom_player 2.1.14.4525
gomlab gom_player 2.1.25.5015
gomlab gom_player 2.1.49.5139
gomlab gom_player 2.0.9
gomlab gom_player 2.1.9.3754
gomlab gom_player 2.1.33.5071
gomlab gom_player 2.1.9.3753
gomlab gom_player 2.1.37.5085
gomlab gom_player 2.1.3
gomlab gom_player 2.1.21.4846
gomlab gom_player 2.1.8
gomlab gom_player 2.1.1
gomlab gom_player *
gomlab gom_player 2.1.40.5106
gomlab gom_player 2.1.2
gomlab gom_player 2.1.17.4710
gomlab gom_player 2.1.27.5031
gomlab gom_player 2.0.12
gomlab gom_player 2.1.47.5133
gomlab gom_player 2.1.18.4762
gomlab gom_player 2.1.16.4631
gomlab gom_player 2.1.43.5119
CVE-2013-5716 MEDIUM

Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gomlab gom_player 2.0.11
gomlab gom_player 2.1.15.4610
gomlab gom_player 2.1.28.5039
gomlab gom_player 2.0.6
gomlab gom_player 2.1.6
gomlab gom_player 2.1.39.5101
gomlab gom_player 2.1.14.4525
gomlab gom_player 2.1.25.5015
gomlab gom_player 2.1.49.5139
gomlab gom_player 2.1.50.5145
gomlab gom_player 2.0.9
gomlab gom_player 2.1.9.3754
gomlab gom_player 2.1.33.5071
gomlab gom_player 2.1.9.3753
gomlab gom_player 2.1.37.5085
gomlab gom_player 2.1.3
gomlab gom_player 2.1.21.4846
gomlab gom_player 2.1.8
gomlab gom_player 2.1.1
gomlab gom_player *
gomlab gom_player 2.1.40.5106
gomlab gom_player 2.1.2
gomlab gom_player 2.1.17.4710
gomlab gom_player 2.1.27.5031
gomlab gom_player 2.0.12
gomlab gom_player 2.1.47.5133
gomlab gom_player 2.1.18.4762
gomlab gom_player 2.1.16.4631
gomlab gom_player 2.1.43.5119
CVE-2013-7184 MEDIUM

Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gomlab gom_player *
CVE-2014-3216 MEDIUM

GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gomlab gom_media_player *
CVE-2014-3899 MEDIUM

Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gomlab gom_player *
CVE-2017-5881 MEDIUM

GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gomlab gom_player 2.3.10.5266
CVE-2023-53874

GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.

Products Affected

Vendor Product Version
gomlab gom_player 2.3.90.5360
CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.

Products Affected

Vendor Product Version
gomlab gom_player 2.3.90.5360