{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32439", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-08T10:54:58.369Z", "datePublished": "2025-04-15T19:27:18.885Z", "dateUpdated": "2025-04-15T20:14:22.736Z"}, "containers": {"cna": {"title": "pleezer allows resource exhaustion through uncollected hook script processes", "problemTypes": [{"descriptions": [{"cweId": "CWE-460", "lang": "en", "description": "CWE-460: Improper Cleanup on Thrown Exception", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/roderickvd/pleezer/security/advisories/GHSA-472w-7w45-g3w5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/roderickvd/pleezer/security/advisories/GHSA-472w-7w45-g3w5"}], "affected": [{"vendor": "roderickvd", "product": "pleezer", "versions": [{"version": "< 0.16.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-15T19:27:18.885Z"}, "descriptions": [{"lang": "en", "value": "pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic. This issue has been fixed in version 0.16.0."}], "source": {"advisory": "GHSA-472w-7w45-g3w5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T20:14:12.882337Z", "id": "CVE-2025-32439", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T20:14:22.736Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32439", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T20:14:12.882337Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T20:14:17.320Z"}}], "cna": {"title": "pleezer allows resource exhaustion through uncollected hook script processes", "source": {"advisory": "GHSA-472w-7w45-g3w5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "roderickvd", "product": "pleezer", "versions": [{"status": "affected", "version": "< 0.16.0"}]}], "references": [{"url": "https://github.com/roderickvd/pleezer/security/advisories/GHSA-472w-7w45-g3w5", "name": "https://github.com/roderickvd/pleezer/security/advisories/GHSA-472w-7w45-g3w5", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic. This issue has been fixed in version 0.16.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-460", "description": "CWE-460: Improper Cleanup on Thrown Exception"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-15T19:27:18.885Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32439", "state": "PUBLISHED", "dateUpdated": "2025-04-15T20:14:22.736Z", "dateReserved": "2025-04-08T10:54:58.369Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-04-15T19:27:18.885Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic. This issue has been fixed in version 0.16.0."}, {"lang": "es", "value": "Pleezer es un reproductor de Deezer Connect sin interfaz gr\u00e1fica. Los scripts de enlace de Pleezer pueden activarse por diversos eventos, como cambios de pista y cambios en el estado de reproducci\u00f3n. En versiones anteriores a la 0.16.0, estos scripts se generaban sin una depuraci\u00f3n de procesos adecuada, lo que dejaba procesos inactivos en la tabla de procesos del sistema. Incluso con un uso normal, cada cambio de pista y evento de reproducci\u00f3n dejaba procesos inactivos. Esto provoca un inevitable agotamiento de recursos con el tiempo, ya que la tabla de procesos del sistema se llena, lo que finalmente impide la creaci\u00f3n de nuevos procesos. El problema se agrava si los eventos ocurren r\u00e1pidamente, ya sea por el uso normal (por ejemplo, al saltarse una lista de reproducci\u00f3n) o por una posible manipulaci\u00f3n del tr\u00e1fico del protocolo Deezer Connect. Este problema se ha solucionado en la versi\u00f3n 0.16.0."}], "id": "CVE-2025-32439", "lastModified": "2025-04-16T13:25:59.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-04-15T20:15:39.677", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/roderickvd/pleezer/security/advisories/GHSA-472w-7w45-g3w5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-460"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}