CVE-2018-14332
[Suggested description]
An issue was discovered in Clementine Music Player 1.3.1.
Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp.
The vulnerability is triggered when the user opens a malformed mp3 file.
------------------------------------------
[Vulnerability Type]
Buffer Overflow
------------------------------------------
[Vendor of Product]
Clementine
------------------------------------------
[Affected Product Code Base]
Clementine Music Player - 1.3.1-386-g62d1eb4
------------------------------------------
[Affected Component]
The application is vulnerable to a NULL pointer dereference at this line of code: https://github.com/clementine-player/Clementine/blob/e5ab3e786f9adde12cec3cc90cfe8c1cc6b06320/src/moodbar/moodbarpipeline.cpp#L155
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Attack Vectors]
The user has to open a malformed mp3 file to trigger the crash.
------------------------------------------
[Reference]
https://github.com/MostafaSoliman/Security-Advisories/CVE-2018-14332
https://github.com/clementine-player/Clementine/issues/6078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14332
------------------------------------------
[Discoverer]
Mostafa Soliman - SecureMisr