CVE-2019-5689

HIGH

NVIDIA GeForce Experience < 3.20.1 - Arbitrary File Download and Code Execution via Downloader Component

Title source: llm
STIX 2.1

Description

NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://nvidia.custhelp.com/app/answers/detail/a_id/4860

Scores

CVSS v3 7.8
EPSS 0.0005
EPSS Percentile 15.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
nvidia/geforce_experience < 3.20.1
Published Nov 09, 2019
Tracked Since Feb 18, 2026