Denial of Service Vulnerability in KMPlayer by Pandora TV
CVE-2007-4941

Currently unrated

Key Information:

Vendor

Kde

Status
Kmplayer
Vendor
CVE Published:
18 September 2007

What is CVE-2007-4941?

KMPlayer versions 2.9.3.1210 and prior are susceptible to a denial of service attack. Attackers can exploit this vulnerability by manipulating specific properties of AVI files, notably the 'indx truck size' and 'nEntriesInuse' values. When such a crafted AVI file is processed, it can lead to significant CPU consumption, effectively rendering the media player unresponsive. This vulnerability poses a risk to users by potentially affecting system stability and performance.

References

http://www.securityfocus.com/bid/25651
vdb-entryx_refsource_BID
http://securityreason.com/securityalert/3144
third-party-advisoryx_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/36585
vdb-entryx_refsource_XF

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.