Vulnerabilities > CVE-2018-14332 - NULL Pointer Dereference vulnerability in Clementine-Player Clementine 1.3.1

047910
CVSS 1.9 - LOW
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.

Vulnerable Configurations

Part Description Count
Application
Clementine-Player
1

Common Weakness Enumeration (CWE)

Nessus

NASL familySuSE Local Security Checks
NASL idOPENSUSE-2019-1780.NASL
descriptionThis update for clementine fixes the following issues : - CVE-2018-14332: Fixed a NULL ptr dereference (crash) in the moodbar pipeline (boo#1103041)
last seen2020-06-01
modified2020-06-02
plugin id126910
published2019-07-22
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126910
titleopenSUSE Security Update : clementine (openSUSE-2019-1780)