# Potential Security Vulnerability in Latest Spotify Linux Client


Search git repo: CuB3y0nd/spotify-core-dumps

## Environment

Check the `environment_info` file in my repo.

## Summary

Spotify reproducibly crashes with a segmentation fault on Arch Linux. The crash occurs inside the Spotify main binary, where a pointer dereference leads to an access to unmapped memory. The issue can cause a Denial of Service.

## Reproduction

1. Launch Spotify.
2. It crashes with `SIGSEGV` at `► 0x557a3955dba7 movzx eax, byte ptr [rdx] <Cannot dereference [4]>`.

Debugging information can be found in `gdb_dump`.

Subsequent exception cleanup attempts to call `operator delete(void*)` (`_ZdlPv`), and crashes after that. The issue seems to be a use-after-free or invalid pointer dereference.

Symbols are stripped in the official binary, but disassembly suggests the crash happens in code that reads from a member pointer (`[rbx+0x10]`).

For more information, check the other files I've provided in the repo.
