Libcue library flaw leaves GNOME Linux systems vulnerable to RCE attacks

A new security flaw has been disclosed in the libcue library affecting GNOME Linux systems that can be exploited to achieve remote code execution (RCE) on affected hosts.

Tracked as CVE-2023-43641 (CVSS score: 8.8), the issue is described as a case of memory corruption in libcue, a library designed for parsing cue sheet files. This affects versions 2.2.1 and earlier.

libcue is included in Tracker Miners, a search engine tool that is included by default in GNOME and indexes files in the system for easy access.

The problem lies in an out-of-bounds array access in the track_set_index function that allows an attacker to obtain code execution on the victim's machine by tricking them into clicking a malicious link and downloading a .cue file.

According to the description of the vulnerability in the National Vulnerability Database (NVD), “A user of the GNOME desktop environment could be exploited by downloading a cue sheet from a malicious webpage.”

“Since the file is saved in ‘~/Downloads’, it is automatically scanned by tracker-miners. And because it has a .cue file name extension, tracker-miners uses libcue to parse the file. The file exploits a vulnerability in libcue to gain code execution.”

Additional technical information about the vulnerability has been withheld to allow users ample time to install the latest updates.

“Sometimes a vulnerability in a seemingly innocuous library can have a major impact,” said Kevin Backhouse, the GitHub security researcher who discovered the bug. “This vulnerability in libcue became one-click RCE because of the way it is exploited by tracker-miners.”

The disclosure arrives two weeks after GitHub released comprehensive details about CVE-2023-3420, a high-severity type confusion vulnerability in the Google Chrome V8 JavaScript engine that enables remote code execution (RCE) in the renderer sandbox of the web browser by visiting a malicious site.

“Such vulnerabilities are often the starting point for ‘one-click’ exploits that compromise a victim’s device when they visit a malicious website,” said security researcher Man Yue Mo. “A renderer RCE in Chrome allows an attacker to compromise and execute arbitrary code in the Chrome renderer process.”
