GOM Player
by Gomlab
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5881 | Hig | 0.54 | 7.8 | 0.08 | Feb 21, 2017 | GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file. | ||
| CVE-2007-5779 | 0.09 | — | 0.72 | Nov 1, 2007 | Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method. | |||
| CVE-2011-5162 | 0.04 | — | 0.07 | Sep 15, 2012 | Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression. | |||
| CVE-2012-1774 | 0.04 | — | 0.07 | Mar 18, 2012 | Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264. | |||
| CVE-2009-1497 | 0.04 | — | 0.07 | May 1, 2009 | Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file. | |||
| CVE-2014-3216 | 0.03 | — | 0.02 | Jun 10, 2014 | GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. | |||
| CVE-2013-7184 | 0.03 | — | 0.02 | Jan 24, 2014 | Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file. | |||
| CVE-2013-5716 | 0.03 | — | 0.02 | Sep 9, 2013 | Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file. | |||
| CVE-2007-0707 | 0.03 | — | 0.04 | Feb 4, 2007 | Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2023-53875 | 0.00 | — | 0.00 | Dec 15, 2025 | GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse… | |||
| CVE-2023-53874 | 0.00 | — | 0.00 | Dec 15, 2025 | GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability. | |||
| CVE-2014-3899 | 0.00 | — | 0.02 | Aug 12, 2014 | Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file. | |||
| CVE-2013-5715 | 0.00 | — | 0.02 | Sep 9, 2013 | Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors. | |||
| CVE-2012-1264 | 0.00 | — | 0.04 | Mar 18, 2012 | Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file. |
- risk 0.54cvss 7.8epss 0.08
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
- CVE-2007-5779Nov 1, 2007risk 0.09cvss —epss 0.72
Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.
- CVE-2011-5162Sep 15, 2012risk 0.04cvss —epss 0.07
Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.
- CVE-2012-1774Mar 18, 2012risk 0.04cvss —epss 0.07
Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264.
- CVE-2009-1497May 1, 2009risk 0.04cvss —epss 0.07
Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.
- CVE-2014-3216Jun 10, 2014risk 0.03cvss —epss 0.02
GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
- CVE-2013-7184Jan 24, 2014risk 0.03cvss —epss 0.02
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
- CVE-2013-5716Sep 9, 2013risk 0.03cvss —epss 0.02
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
- CVE-2007-0707Feb 4, 2007risk 0.03cvss —epss 0.04
Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2023-53875Dec 15, 2025risk 0.00cvss —epss 0.00
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse…
- CVE-2023-53874Dec 15, 2025risk 0.00cvss —epss 0.00
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.
- CVE-2014-3899Aug 12, 2014risk 0.00cvss —epss 0.02
Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file.
- CVE-2013-5715Sep 9, 2013risk 0.00cvss —epss 0.02
Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors.
- CVE-2012-1264Mar 18, 2012risk 0.00cvss —epss 0.04
Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file.