Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pleezer allows resource exhaustion through uncollected hook script processes
Vulnerability Description
pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic. This issue has been fixed in version 0.16.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
抛出异常的清理不恰当
Vulnerability Title
pleezer 安全漏洞
Vulnerability Description
pleezer是Roderick van Domburg个人开发者的一个Deezer Connect播放器。 pleezer 0.16.0之前版本存在安全漏洞,该漏洞源于钩子脚本未正确清理进程,可能导致僵尸进程积累。
CVSS Information
N/A
Vulnerability Type
N/A