Clementine
CVE-2024-50986
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.
AnalysisAI
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-426. An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file. Affected products include: Clementine-Player Clementine.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Clementine
View allClementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block
Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsin
An issue was discovered in Clementine Music Player 1.3.1. Rated medium severity (CVSS 5.5), this vulnerability is no aut
Same weakness CWE-426 – Untrusted Search Path
View allShare
External POC / Exploit Code
Leaving vuln.today