CVE-2019-5695

CWE-427 CWE-4263 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 81.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Geforce Experience Nvidia Nvidia Geforce Experience Nvidia Nvidia Windows GPU Display Driver

Timeline

PublishedNov 12

Latest updateMay 24

Description

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.6 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5nvidia/nvidia_windows_gpu_display_driverall versions

▶NVDnvidia/geforce_experience< 3.20.1

▶CVEListV5nvidia/nvidia_geforce_experienceprior to 3.20.1

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-q4h2-45g8-3929: NVIDIA GeForce Experience (prior to 3↗2022-05-24

▶

CVEList

CVE-2019-5695: NVIDIA GeForce Experience (prior to 3↗2019-11-12

▶