vulnerability

Ubuntu: (Multiple Advisories) (CVE-2023-43641): CUE vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Oct 9, 2023	Oct 10, 2023	Jan 28, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Oct 9, 2023

Added

Oct 10, 2023

Modified

Jan 28, 2025

Description

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.

Solution

ubuntu-upgrade-libcue2

References

CVE-2023-43641
https://attackerkb.com/topics/CVE-2023-43641
UBUNTU-USN-6423-1
UBUNTU-USN-6423-2

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today