CVE - CVE-2023-43641

CVE-ID
CVE-2023-43641	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
DEBIAN:DSA-5524 URL:https://www.debian.org/security/2023/dsa-5524 FEDORA:FEDORA-2023-1fe05ac8d9 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/ FEDORA:FEDORA-2023-eec9ce5935 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/ FEDORA:FEDORA-2023-f4e74a94a2 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/ MISC:http://packetstormsecurity.com/files/176128/libcue-2.2.1-Out-Of-Bounds-Access.html MISC:https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ URL:https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ MISC:https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea URL:https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea MISC:https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e URL:https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e MISC:https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj URL:https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj MLIST:[debian-lts-announce] 20231011 [SECURITY] [DLA 3615-1] libcue security update URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00018.html
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20230920	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20230920)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)