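Aggregated CVE and security vulnerability intelligence for all gomlab products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include buffer overflows and input validation issues, which in production workload and software deployment scenarios can lead to risks such as application crashes, memory corruption, and abnormal behavior.
The vulnerability data is drawn mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patching priority.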
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-53875 | GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction. | [email protected] | 7.5 | 0.29% | 2025-12-15 | 2025-12-18 |
| CVE-2023-53874 | GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability. | [email protected] | 6.7 | 0.06% | 2025-12-15 | 2025-12-18 |
| CVE-2017-5881 | GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file. | [email protected] | 7.8 | 2.19% | 2017-02-21 | 2026-05-13 |
| CVE-2014-3899 | Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file. | [email protected] | 4.3 | 0.68% | 2014-08-12 | 2026-05-06 |
| CVE-2014-3216 | GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. | [email protected] | 4.3 | 7.04% | 2014-06-10 | 2026-05-06 |
| CVE-2013-7184 | Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file. | [email protected] | 4.3 | 12.25% | 2014-01-24 | 2026-04-29 |
| CVE-2013-5716 | Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file. | [email protected] | 4.3 | 9.27% | 2013-09-09 | 2026-04-29 |
| CVE-2013-5715 | Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors. | [email protected] | 10.0 | 0.35% | 2013-09-09 | 2026-04-29 |
| CVE-2011-5162 | Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression. | [email protected] | 9.3 | 26.32% | 2012-09-15 | 2026-04-29 |
| CVE-2012-1774 | Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264. | [email protected] | 10.0 | 4.70% | 2012-03-18 | 2026-04-29 |
| CVE-2012-1264 | Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file. | [email protected] | 9.3 | 1.73% | 2012-03-18 | 2026-04-29 |
| CVE-2009-1497 | Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file. | [email protected] | 9.3 | 25.91% | 2009-05-01 | 2026-04-23 |
| CVE-2009-1022 | Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file. | [email protected] | 9.3 | 33.65% | 2009-03-20 | 2026-04-23 |