Vulnerabilities > CVE-2018-14332 - NULL Pointer Dereference vulnerability in Clementine-Player Clementine 1.3.1

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
clementine-player
CWE-476
nessus

Summary

An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.

Vulnerable Configurations

Part Description Count
Application
Clementine-Player
1

Common Weakness Enumeration (CWE)

Nessus

NASL familySuSE Local Security Checks
NASL idOPENSUSE-2019-1780.NASL
descriptionThis update for clementine fixes the following issues : - CVE-2018-14332: Fixed a NULL ptr dereference (crash) in the moodbar pipeline (boo#1103041)
last seen2020-06-01
modified2020-06-02
plugin id126910
published2019-07-22
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126910
titleopenSUSE Security Update : clementine (openSUSE-2019-1780)