Vulnerability CVE-2023-43641: Information
Description
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
---|---|---|---|---|---|---|
libcue2 | sisyphus | 2.3.0-alt1 | 2.3.0-alt1 | ALT-PU-2023-6257-2 | 331437 | Fixed |
libcue2 | sisyphus_e2k | 2.3.0-alt1 | 2.3.0-alt1 | ALT-PU-2023-6365-1 | - | Fixed |
libcue2 | sisyphus_riscv64 | 2.3.0-alt1 | 2.3.0-alt1 | ALT-PU-2023-6343-1 | - | Fixed |
libcue2 | p10 | 2.3.0-alt1 | 2.3.0-alt1 | ALT-PU-2023-6273-3 | 331488 | Fixed |
libcue2 | p10_e2k | 2.3.0-alt1 | 2.3.0-alt1 | ALT-PU-2023-7156-1 | - | Fixed |
libcue2 | c10f1 | 2.3.0-alt1 | 2.3.0-alt1 | ALT-PU-2023-6613-2 | 332373 | Fixed |
libcue2 | c9f2 | 2.3.0-alt1 | 2.3.0-alt1 | ALT-PU-2023-6257-2 | 331437 | Fixed |
libcue2 | p11 | 2.3.0-alt1 | 2.3.0-alt1 | ALT-PU-2023-6257-2 | 331437 | Fixed |