Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-43641

Опубликовано: 09 окт. 2023
Источник: nvd
CVSS3: 8.8
EPSS Высокий

Описание

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:lipnitsk:libcue:*:*:*:*:*:*:*:*
Версия до 2.3.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.78934
Высокий

8.8 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2023-43641

CVSS3: 8.8
ubuntu
больше 1 года назад

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.

redhat логотип

CVE-2023-43641

CVSS3: 8.8
redhat
больше 1 года назад

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.

debian логотип

CVE-2023-43641

CVSS3: 8.8
debian
больше 1 года назад

libcue provides an API for parsing and extracting data from CUE sheets ...

suse-cvrf логотип

SUSE-SU-2023:4090-1

suse-cvrf
больше 1 года назад

Security update for libcue

fstec логотип

BDU:2023-06566

CVSS3: 8.8
fstec
больше 1 года назад

Уязвимость прикладного программного интерфейса библиотеки libcue, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 99%
0.78934
Высокий

8.8 High

CVSS3

Дефекты

CWE-787