CVE-2023-53874 – GOM Player 2.3.90.5360 contains a buffer overfl... (How to Fix)

📋 TL;DR

GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field. Attackers can crash the application by overwriting the preset name with 260 'A' characters, causing application instability. All users running this specific version are affected.

💻 Affected Systems

Products:

GOM Player

Versions: 2.3.90.5360

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific version mentioned; earlier or later versions may not be vulnerable

📦 What is this software?

Gom Player by Gomlab

View all CVEs affecting Gom Player →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash leading to denial of service, potential for remote code execution if memory corruption can be controlled

🟠

Likely Case

Application crash and denial of service, disrupting media playback functionality

🟢

If Mitigated

Minimal impact if application is sandboxed or runs with limited privileges

🌐 Internet-Facing: LOW - GOM Player is a desktop media player not typically exposed to internet

🏢 Internal Only: MEDIUM - Could be exploited via malicious media files or shared configurations within internal networks

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple buffer overflow with publicly available proof-of-concept showing crash via 260 'A' characters

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.gomlab.com

Restart Required: No

Instructions:

1. Check GOM Player version
2. If version is 2.3.90.5360, upgrade to latest version
3. Monitor vendor website for security updates

🔧 Temporary Workarounds

Avoid custom equalizer presets

windows

Do not create or use custom equalizer preset names, especially from untrusted sources

Use alternative media player

windows

Temporarily switch to a different media player until GOM Player is updated

🧯 If You Can't Patch

Restrict user permissions to limit potential damage from crashes
Monitor for abnormal application crashes and investigate patterns

🔍 How to Verify

Check if Vulnerable:

Open GOM Player, go to Help > About and check if version is 2.3.90.5360

Check Version:

Not applicable - check via GUI in Help > About menu

Verify Fix Applied:

Update to a newer version and verify the version number has changed from 2.3.90.5360

📡 Detection & Monitoring

Log Indicators:

Application crash logs from GOM Player
Windows Event Viewer application errors

Network Indicators:

Not typically network exploitable

SIEM Query:

EventID=1000 AND SourceName="Application Error" AND ProcessName="GOM.exe"

📊 Metadata

CVE ID: CVE-2023-53874

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.06% exploit probability (17.5th percentile)

Published: December 15, 2025

Last Updated: December 18, 2025

🔗 References

https://www.exploit-db.com/exploits/51724 Exploit,Third Party Advisory,VDB Entry
https://www.gomlab.com Product
https://www.vulncheck.com/advisories/gom-player-buffer-overflow-via-equalizer-preset-name Third Party Advisory
https://www.exploit-db.com/exploits/51724 Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53874, you might also want to check these: