
List:       full-disclosure
Subject:    [FD] PotPlayer denial of service vulnerability
From:       houjingyi <houjingyi647 () gmail ! com>
Date:       2021-03-29 10:35:44
Message-ID: CAN1eSks8184e7qieU4ab340SOyxa3F02S5Symo5f-w7xWWht5A () mail ! gmail ! com

PotPlayer is a multimedia software player developed for the Microsoft
Windows operating system by South Korean Internet company Kakao (formerly
Daum Communications). It competes with other popular Windows media players
such as VLC media player, GOM Player, KMPlayer, SMPlayer and Media Player
Classic. PotPlayer's reception has been positive with reviewers
complimenting its wide range of settings and customizations, as well as its
lightweight nature and its support for a large variety of media formats.

I found a denial of service vulnerability in PotPlayer by accident.

vulnerable version: 210127
fixed version: 210318

I just dragged https://bugzilla.libav.org/show_bug.cgi?id=929 into PotPlayer
and it crashed. A dmp file can be found in a directory like:

C:\Users\xxxxxx\AppData\Roaming\Daum\PotPlayer\Log

I think this is maybe because PotPlayer is not using the latest version of
libav, and I contacted the Korea Internet & Security Agency.

vendor response:

"
Hello,
This is Kakao Security Team.

Thank you for providing the Korea Internet & Security Agency with
information on the security vulnerability of the potplayer service.

Results of internal Review
We have determined that an error occurs when running MP4 files that do not
fit the format.

However,
  - the potplayer service does not use the libav library
  - and the user's own potplayer program is terminated

* so it is not judged to be a security vulnerability.
* Currently, a revised version has been distributed.


Thank you for reporting the security vulnerability.
Please contact me if you have any questions.


Kakao Security Team.
"

I do not know why they think this is not a security vulnerability; maybe it
can just cause a crash and cannot be exploited? I did not investigate
further, but I can confirm this got fixed in the latest version.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/