Severity: Medium
Clementine Music Player versions <= 1.3.1 are affected by a User Mode Write Access Violation in the MP3 file parsing functionality at clementine+0x3aa207.
The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine.
Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the currently logged-in Windows user.
eax=00000080 ebx=00000000 ecx=e6f6bc6d edx=00000000 esi=00000000 edi=54d40bb8
eip=007aa207 esp=561af1f8 ebp=561af280 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
clementine+0x3aa207:
007aa207 894604 mov dword ptr [esi+4],eax ds:002b:00000004=????????
FAILURE_BUCKET_ID: NULL_CLASS_PTR_WRITE_AVRF_c0000005_clementine.exe!Unknown
Basic Block:
007aa207 mov dword ptr [esi+4],eax
Tainted Input operands: 'eax','esi'
007aa20a mov eax,dword ptr [ebp+0ch]
007aa20d mov dword ptr [esi+8],eax
007aa210 lock inc dword ptr [qtcore4!zn9qlistdata11shared_nulle (6e200074)]
007aa217 setne al
007aa21a mov eax,dword ptr [esi]
007aa21c mov dword ptr [esi],offset qtcore4!zn9qlistdata11shared_nulle (6e200074)
007aa222 lock dec dword ptr [eax]
007aa225 setne dl
007aa228 test dl,dl
007aa22a jne clementine+0x3aa23b (007aa23b)
Exception Hash (Major/Minor): 0xf535c3f1.0x4c51c076
Hash Usage : Stack Trace:
Major+Minor : clementine+0x3aa207
Major+Minor : clementine+0x2555e4
Major+Minor : libgobject_2_0_0!g_cclosure_marshal_VOID__OBJECTv+0x46
Instruction Address: 0x00000000007aa207
Description: User Mode Write AV near NULL
Short Description: WriteAVNearNull
Exploitability Classification: UNKNOWN
Recommended Bug Title: User Mode Write AV near NULL starting at clementine+0x00000000003aa207 (Hash=0xf535c3f1.0x4c51c076)