CVE-2019-5676

CWE-427 CWE-4263 documents3 sources

Severity

6.7MEDIUM

EPSS

0.3%

top 46.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Geforce Experience Nvidia GPU Display Driver Nvidia Nvidia GPU Display Driver

Timeline

PublishedMay 10

Latest updateMay 24

Description

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶NVDnvidia/gpu_display_driver410 — 412.36+2

▶CVEListV5nvidia/nvidia_gpu_display_driverAll

▶NVDnvidia/geforce_experience< 3.19

🔴Vulnerability Details

GHSA

GHSA-p2pj-jx8f-jw9f: NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs witho↗2022-05-24

▶

CVEList

CVE-2019-5676: NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs witho↗2019-05-10

▶