PT-2018-12447 · Clementine+2 · Clementine Music Player+2
Trougnouf
·
Publicado
2018-07-19
·
Atualizado
2019-08-19
·
CVE-2018-14332
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Clementine Music Player version 1.3.1
Description
A user mode write access violation occurs due to a NULL pointer dereference in the
Init call in the MoodbarPipeline::NewPadCallback function. This issue is triggered when a user opens a malformed mp3 file.Recommendations
For version 1.3.1, consider avoiding the use of the
MoodbarPipeline::NewPadCallback function until a patch is available. As a temporary workaround, refrain from opening malformed mp3 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
NULL Pointer Dereference
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Clementine Music Player
Debian
Suse