exploitDog

CVE-2023-43641

Published: 09 Oct 2023
Source: ubuntu
Priority: medium
EPSS: High
CVSS3: 8.8

Description

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.

| Release | Status | Note |
| --- | --- | --- |
| bionic | ignored | end of standard support |
| devel | released | 2.2.1-4ubuntu1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | not-affected | 2.2.1-2ubuntu0.1 |
| focal | released | 2.2.1-2ubuntu0.1 |
| jammy | released | 2.2.1-3ubuntu0.1 |
| lunar | released | 2.2.1-4ubuntu0.1 |
| mantic | released | 2.2.1-4ubuntu1 |
| noble | released | 2.2.1-4ubuntu1 |

EPSS: 0.78934 (percentile: 99%, High)

CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 8.8
redhat
more than 1 year ago

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.

CVSS3: 8.8
nvd
more than 1 year ago

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.

CVSS3: 8.8
debian
more than 1 year ago

libcue provides an API for parsing and extracting data from CUE sheets ...

suse-cvrf
more than 1 year ago

Security update for libcue

CVSS3: 8.8
fstec
more than 1 year ago

Vulnerability in the application programming interface of the libcue library that allows an attacker to execute arbitrary code
