Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access
Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207.
The vulnerability is triggered when the user opens a crafted MP3 file or loads a
remote stream URL that is mishandled by Clementine. Attackers could exploit this
issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary
code execution in the context of the current logged-in Windows user.
Created clementine tracking bugs for this issue:
Affects: fedora-all [bug 2041794]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.