CVE-2019-5695

MEDIUM

Nvidia Geforce Experience < 3.20.1 - Uncontrolled Search Path

Title source: rule

Description

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

References (3)

[Patch, Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/4860

[Patch, Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/4907

[Exploit, Third Party Advisory] https://safebreach.com/Post/NVIDIA-GPU-Display-Drivers-for-Windows-and-GFE-Software-DLL-Preloading-and-Potential-Abuses-CVE-2019-5694-CVE-2019-5695

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 18.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

nvidia/geforce_experience < 3.20.1

nvidia/gpu_driver

Timeline

Published Nov 12, 2019

Tracked Since Feb 18, 2026