A vulnerability has been discovered in libcue which could allow for arbitrary code execution.
|Package|media-libs/libcue on all architectures|
|Affected versions|< 2.2.1-r1|
|Unaffected versions|>= 2.2.1-r1|
libcue is a CUE Sheet Parser Library.
libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program.
Untrusted CUE sheet files can lead to arbitrary code execution. app-misc/tracker-miners[cue] uses libcue to index CUE Sheet files in directories. It is possible that downloading a malicious CUE Sheet file into a directory indexed by tracker-miners could lead to remote code execution.
There is no known workaround at this time.
All libcue users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libcue-2.2.1-r1"
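To confirm whether a host is in the affected range before or after upgrading, the following added example (not part of the advisory and not Portage code) reads the installed-package database and reports libcue versions below 2.2.1-r1, and whether app-misc/tracker-miners was built with the cue USE flag. It assumes the database lives at /var/db/pkg with a per-package USE file, and it uses a simplified version comparison that accepts only dotted numbers with an optional -rN revision.

```python
import re
from pathlib import Path

FIXED = "2.2.1-r1"  # first unaffected version, taken from the advisory
# Simplification: dotted numbers plus an optional -rN revision only.
_VER = re.compile(r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")

def parse_version(ver):
    """Split '2.2.1-r1' into ((2, 2, 1), 1); reject any other syntax."""
    m = _VER.match(ver)
    if not m:
        raise ValueError(f"unsupported version syntax: {ver!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def is_affected(ver, fixed=FIXED):
    """True when ver sorts strictly below the first unaffected version."""
    return parse_version(ver) < parse_version(fixed)

def installed_versions(category, name, vdb_root="/var/db/pkg"):
    """Versions of category/name recorded under vdb_root (assumed layout)."""
    cat = Path(vdb_root) / category
    prefix = name + "-"
    if not cat.is_dir():
        return []
    return sorted(d.name[len(prefix):] for d in cat.glob(prefix + "[0-9]*")
                  if d.is_dir())

def tracker_uses_cue(vdb_root="/var/db/pkg"):
    """True if an installed app-misc/tracker-miners was built with USE=cue."""
    for ver in installed_versions("app-misc", "tracker-miners", vdb_root):
        use = Path(vdb_root) / "app-misc" / f"tracker-miners-{ver}" / "USE"
        if use.is_file() and "cue" in use.read_text().split():
            return True
    return False

def audit(vdb_root="/var/db/pkg"):
    """Return (affected libcue versions, tracker-miners[cue] installed?)."""
    bad = [v for v in installed_versions("media-libs", "libcue", vdb_root)
           if is_affected(v)]
    return bad, tracker_uses_cue(vdb_root)

if __name__ == "__main__":
    bad, indexed = audit()
    for ver in bad:
        print(f"media-libs/libcue-{ver} is affected, upgrade to >= {FIXED}")
    if bad and indexed:
        print("app-misc/tracker-miners[cue] is installed and indexes CUE files")
```

Versions with suffixes such as _rc or _p raise ValueError rather than being compared incorrectly.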
October 10, 2023
October 10, 2023: 1