Bug 2243166 (CVE-2023-43641) - CVE-2023-43641 libcue: out-of-bounds array access leads to RCE
Summary: CVE-2023-43641 libcue: out-of-bounds array access leads to RCE
Keywords:
Status: NEW
Alias: CVE-2023-43641
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2243099 2243167 2243168 2243177
Blocks: 2243180
TreeView+ depends on / blocked
 
Reported: 2023-10-11 05:44 UTC by Marian Rehak
Modified: 2023-10-11 14:26 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in libcue, which is consumed by the tracker-miners application. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious web page, allowing remote code execution.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Marian Rehak 2023-10-11 05:44:25 UTC 
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution.

Reference:

https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
Comment 1 Marian Rehak 2023-10-11 05:44:57 UTC 
Created libcue tracking bugs for this issue:

Affects: epel-all [bug 2243168]
Affects: fedora-all [bug 2243167]
Comment 2 Marian Rehak 2023-10-11 06:22:42 UTC 
Created tracker-miners tracking bugs for this issue:

Affects: fedora-all [bug 2243177]
Note You need to log in before you can comment on or make changes to this bug.