Aggregates CVE and security vulnerability intelligence across all clementine-player-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk denial of service and related problems; some flaws may lead to vendor impact memory corruption and vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-50986 | An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file. | [email protected] | 7.3 | 10.85% | 2024-11-15 | 2025-07-07 |
| CVE-2021-40827 | Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows us | [email protected] | 7.8 | 0.37% | 2021-12-15 | 2024-11-21 |
| CVE-2021-40826 | Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. | [email protected] | 7.8 | 0.37% | 2021-12-15 | 2024-11-21 |
| CVE-2018-14332 | An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file. | [email protected] | 5.5 | 0.16% | 2018-07-19 | 2024-11-21 |