CVE-2018-14332 - NULL Pointer Dereference vulnerability in Clementine-Player Clementine 1.3.1
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2019-1780.NASL |
description | This update for clementine fixes the following issues: CVE-2018-14332: Fixed a NULL ptr dereference (crash) in the moodbar pipeline (boo#1103041) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 126910 |
published | 2019-07-22 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/126910 |
title | openSUSE Security Update : clementine (openSUSE-2019-1780) |
References
- https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332
- https://github.com/clementine-player/Clementine/issues/6078
- https://github.com/clementine-player/Clementine/blob/e5ab3e786f9adde12cec3cc90cfe8c1cc6b06320/src/moodbar/moodbarpipeline.cpp#L155
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00064.html