Discover Desktop Security News
GNOME Linux Systems Exposed to RCE Attacks Via File Downloads
A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on Linux systems running the GNOME desktop environment.
libcue, a library designed for parsing cue sheet files, is integrated into the Tracker Miners file metadata indexer, which is included by default in the latest GNOME versions.
Cue sheets (or CUE files) are plain text files containing the layout of audio tracks on a CD, such as length, name of song, and musician, and are also typically paired with the FLAC audio file format.
GNOME is a widely used desktop environment across various Linux distributions such as Debian, Ubuntu, Fedora, Red Hat Enterprise, and SUSE Linux Enterprise.
Attackers can successfully exploit the flaw in question (CVE-2023-43641) to execute malicious code by taking advantage of Tracker Miners automatically indexing all downloaded files to update the search index on GNOME Linux devices.