Clementine is a multi-platform music player for individual developers running on GNU/Linux, Mac OS X and Windows operating systems. a denial of service vulnerability exists in Clementine Music Player prior to 1.3.1, which stems from a vulnerability to read access conflicts when block data is moved, affecting memcpy 0x265’s MP3 file parsing functionality. An attacker could use this issue to cause the clementine.exe process to crash (DoS) or implement arbitrary code execution in the context of the currently logged-in Windows user.
CPE | Name | Operator | Version |
---|---|---|---|
clementine clementine | le | 1.3.1 |