Veracode Vulnerability DatabaseVERACODE:43780Remote Code Execution (RCE)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
49.4%
libcue is vulnerable to Remote Code Execution. The vulnerability is due to improper out of bound array checks. This can be exploited by the attacker by making the user to download a cue sheet and parse the file to gain code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libcue:edge | eq | 2.2.1-r1 | |
| libcue:edge | eq | 2.2.1-r1 |
References
packetstormsecurity.com/files/176128/libcue-2.2.1-Out-Of-Bounds-Access.html
github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea
github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e
github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
lists.debian.org/debian-lts-announce/2023/10/msg00018.html
lists.fedoraproject.org/archives/list/[email protected]/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/
lists.fedoraproject.org/archives/list/[email protected]/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/
lists.fedoraproject.org/archives/list/[email protected]/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/
www.debian.org/security/2023/dsa-5524
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
49.4%