libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0. This particular archive holds three proof of concept exploits.
642dbf93a2ac7ad97ec0e5940fb62ec821a66ce449bbde84890a9695362e981a
Ubuntu Security Notice 6423-2 - USN-6423-1 fixed a vulnerability in CUE. This update provides the corresponding updates for Ubuntu 23.10. It was discovered that CUE incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.
130c551ce6526e3867b7494370a3b9fccc7948230c17bfdbafce668f2d4e02a0
Debian Linux Security Advisory 5524-1 - Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.
0dc64d4ebf0f6239a32a14b6769b865a9f52d1ecca767b643d7833243549abdb
Ubuntu Security Notice 6423-1 - It was discovered that CUE incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.
cf4fb08d1268da0d785164720145403fe3305fd8eff0c7a2e0b92da32dabb7e8
Gentoo Linux Security Advisory 202310-10 - A vulnerability has been discovered in libcue which could allow for arbitrary code execution. Versions greater than or equal to 2.2.1-r1 are affected.
bdc22ff9e804636bb7ba375481ddcd1019ad2d0f4f6c1216e9a4d71814af1502