Medium severity5.5NVD Advisory· Published Jul 19, 2018· Updated Jun 17, 2026
CVE-2018-14332
CVE-2018-14332
Description
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: =1.3.1
- osv-coords4 versionspkg:rpm/opensuse/clementine&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/clementine&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/clementine&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/clementine&distro=SUSE%20Package%20Hub%2015%20SP1
< 1.3.1-bp150.2.3.1+ 3 more
- (no CPE)range: < 1.3.1-bp150.2.3.1
- (no CPE)range: < 1.3.1-bp150.2.3.1
- (no CPE)range: < 1.3.1-bp150.2.3.1
- (no CPE)range: < 1.3.1-bp151.4.3.2
Patches
Vulnerability mechanics
References
5- github.com/clementine-player/Clementine/issues/6078nvdExploitThird Party Advisory
- github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332nvdThird Party Advisory
- github.com/clementine-player/Clementine/blob/e5ab3e786f9adde12cec3cc90cfe8c1cc6b06320/src/moodbar/moodbarpipeline.cppnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00038.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00064.htmlnvd
News mentions
0No linked articles in our index yet.