Wednesday, 11 October 2023

Flaw In Library Leaves Gnome Users Open to Remote Code Exploit

WebProNews
Flaw In Library Leaves Gnome Users Open to Remote Code Exploit

A flaw in the libcue library is leaving Linux users that use the Gnome desktop vulnerable to a remote code execution exploit.

The flaw exploits libcue’s inclusion in tracker-miners, Gnome’s file indexing service. According to the National Vulnerability Database, an attacker could use a maliciously coded “cue sheet” to trigger the flaw and execute code remotely.

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution.

The vulnerability has been given a score of 8.8, or High. At the time of writing, there is no workaround and users are encouraged to upgrade to the newest version once it becomes available.

Flaw In Library Leaves Gnome Users Open to Remote Code Exploit
Matt Milano



from WebProNews https://ift.tt/7px5lq0

No comments:

Post a Comment