libcue is vulnerable to remote code execution. The vulnerability is caused by improper out-of-bounds array checks. An attacker can exploit it by getting a user to download a cue sheet and parse the file, which gives the attacker code execution.
CPE | Name | Operator | Version |
---|---|---|---|
| | libcue:edge | eq | 2.2.1-r1 |
packetstormsecurity.com/files/176128/libcue-2.2.1-Out-Of-Bounds-Access.html
github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea
github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e
github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
lists.debian.org/debian-lts-announce/2023/10/msg00018.html
lists.fedoraproject.org/archives/list/[email protected]/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/
lists.fedoraproject.org/archives/list/[email protected]/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/
lists.fedoraproject.org/archives/list/[email protected]/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/
www.debian.org/security/2023/dsa-5524