CVE-2023-53874

Published: Dec 15, 2025Modified: Dec 18, 2025

6.7

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.

Affected (1)

Products: Gomlab: Gom Player

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gomlab Gom Player	Version 2.3.90.5360

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://www.exploit-db.com/exploits/51724

Source: disclosure@vulncheck.com

ExploitThird Party AdvisoryVDB Entry

https://www.gomlab.com

Source: disclosure@vulncheck.com

Product

https://www.vulncheck.com/advisories/gom-player-buffer-overflow-via-equalizer-preset-name

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.exploit-db.com/exploits/51724

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.