gomlab CVE Vulnerabilities & Metrics

Focus on gomlab vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About gomlab Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with gomlab. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total gomlab CVEs: 3
Earliest CVE date: 01 May 2009, 16:30 UTC
Latest CVE date: 15 Dec 2025, 21:15 UTC

Latest CVE reference: CVE-2023-53875

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical gomlab CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.37

Max CVSS: 10.0

Critical CVEs (≥9): 3

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	4
7.0-8.9	0
9.0-10.0	3

CVSS Distribution Chart

Top 5 Highest CVSS gomlab CVEs

These are the five CVEs with the highest CVSS scores for gomlab, sorted by severity first and recency.

CVE-2013-5715 gomlab Published on 09 Sep 2013, 17:55 UTC (CVSS: 10.0)
Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors.
CVE-2011-5162 gomlab Published on 15 Sep 2012, 17:55 UTC (CVSS: 9.3)
Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.
CVE-2009-1497 gomlab Published on 01 May 2009, 16:30 UTC (CVSS: 9.3)
Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.
CVE-2017-5881 gomlab Published on 21 Feb 2017, 07:59 UTC (CVSS: 6.8)
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
CVE-2014-3899 gomlab Published on 12 Aug 2014, 05:01 UTC (CVSS: 4.3)
Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file.

All CVEs for gomlab

CVE-2023-53875 gomlab vulnerability CVSS: 0 15 Dec 2025, 21:15 UTC

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.

CVE-2023-53874 gomlab vulnerability CVSS: 0 15 Dec 2025, 21:15 UTC

GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.

CVE-2017-5881 gomlab vulnerability CVSS: 6.8 21 Feb 2017, 07:59 UTC

GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.

CVE-2014-3899 gomlab vulnerability CVSS: 4.3 12 Aug 2014, 05:01 UTC

Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file.

CVE-2013-7184 gomlab vulnerability CVSS: 4.3 24 Jan 2014, 15:08 UTC

Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.

CVE-2013-5716 gomlab vulnerability CVSS: 4.3 09 Sep 2013, 17:55 UTC

Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.

CVE-2013-5715 gomlab vulnerability CVSS: 10.0 09 Sep 2013, 17:55 UTC

Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors.

CVE-2011-5162 gomlab vulnerability CVSS: 9.3 15 Sep 2012, 17:55 UTC

Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.

CVE-2009-1497 gomlab vulnerability CVSS: 9.3 01 May 2009, 16:30 UTC

Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Player (GOM Player) 2.1.16.4635 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in an SRT file.