https://bugzilla.suse.com/show_bug.cgi?id=1193986 Bug ID: 1193986 Summary: VUL-1: CVE-2021-40827: clementine: clementine through 1.3.1 is vulnerable to a Read Access Violation Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other URL: https://smash.suse.de/issue/317522/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: gabriele.sonnu@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40827 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40827 https://voidsec.com/advisories/cve-2021-40827/ -- You are receiving this mail because: You are on the CC list for the bug.