Reproducers so can't tell if we're affected. Clementine uses your listening history to play music similar to the music you play most - which typically is music you will like but maybe havent discovered yet. The reporter evidently didn't even test with debug symbols or provide Clementine gathers the users listening data to use for smart playlists.
Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Search and play your local music library. It is inspired by Amarok 1.4, focusing on a fast and easy-to-use interface for searching and playing your music. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.Ĭlementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. Clementine is a modern music player and library organizer. Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207.