CVE-2019-5676

MEDIUM

Nvidia Gpu Display Driver < 412.36 - Uncontrolled Search Path

Title source: rule

Description

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.

References (4)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/4797

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/4806

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/4841

[Third Party Advisory] https://support.lenovo.com/us/en/product_security/LEN-27815

Scores

CVSS v3 6.7

EPSS 0.0033

EPSS Percentile 55.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

nvidia/gpu_display_driver < 412.36

nvidia/geforce_experience < 3.19

Timeline

Published May 10, 2019

Tracked Since Feb 18, 2026