• @[email protected]
      link
      fedilink
      4
      edit-2
      1 year ago

      Since that post was’nt available for me atm, just reposting relevant Github blog : 1-Click RCE on GNOME

      The TL;DR

      libcue is a library used for parsing cue sheets—a metadata format for describing the layout of the tracks on a CD. it’s used by tracker-miners: an application that’s included with GNOME.The index is automatically updated when you add or modify a file in certain subdirectories of your home directory, in particular including ~/Downloads. To make a long story short, that means that inadvertently clicking a malicious link is all it takes for an attacker to exploit CVE-2023-43641 and get code execution on your computer.