7.3
CVE-2024-50986
- EPSS 0.99%
- Veröffentlicht 15.11.2024 15:15:07
- Zuletzt bearbeitet 07.07.2025 17:03:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Clementine-player ≫ Clementine Version1.3.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.578 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
https://github.com/clementine-player/Clementine
https://github.com/riftsandroses/CVE-2024-50986/
https://www.clementine-player.org/