Article 6FEQP A remote code execution vulnerability in GNOME

by corbet from LWN.net on (#6FEQP)
The GitHub blog describes a vulnerability in the libcue library (which is used by the GNOME desktop) that can be exploited by a remote attacker to run code on a desktop system if the target can be convinced to click on a malicious link.

The video shows me clicking a link in a webpage, which causes a cuesheet to be downloaded. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners uses libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution and pop a calculator.