Upstream information
Description
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 1.9 |
| Vector | AV:L/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
| National Vulnerability Database | |
|---|---|
| Base Score | 5.5 |
| Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSSv3 Version | 3 |
SUSE Security Advisories:
- openSUSE-SU-2019:1780-1, published Fri Dec 8 15:48:42 2023
- openSUSE-SU-2019:1959-1, published Fri Dec 8 15:48:42 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 15 SP1 |
| Patchnames: openSUSE-2019-1959 |
| SUSE Package Hub 15 |
| Patchnames: openSUSE-2019-1780 |
| openSUSE Leap 15.0 |
| Patchnames: openSUSE-2019-1780 |
| openSUSE Leap 15.1 |
| Patchnames: openSUSE-2019-1780 |
SUSE Timeline for this CVE
CVE page created: Thu Jul 19 20:30:12 2018CVE page last modified: Fri Dec 8 17:17:59 2023