ID CVE-2023-43641
Summary libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.
Vulnerable Configurations
  • cpe:2.3:a:lipnitsk:libcue:-:*:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:lipnitsk:libcue:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVSS
Base: None
CWE CWE-787
Last major update 27-10-2023 - 17:53
Published 09-10-2023 - 22:15
Last modified 27-10-2023 - 17:53