CVE-2021-40826

Name of the Vulnerable Software and Affected Versions Clementine Music Player versions prior to 1.3.2

Description The issue is related to a User Mode Write Access Violation in the MP3 file parsing functionality. It is triggered when a user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. This could allow attackers to cause a crash of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. The vulnerability is also associated with a pointer dereference error when loading MP3 files, which can lead to a denial of service or arbitrary code execution.

Recommendations For Clementine Music Player versions prior to 1.3.2, update to a version later than 1.3.1 to resolve the issue. As a temporary workaround, consider avoiding the use of crafted MP3 files or remote stream URLs that could trigger the vulnerability. Restrict access to the MP3 file parsing functionality to minimize the risk of exploitation.