• redw0rm@kerala.party
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Since that post was’nt available for me atm, just reposting relevant Github blog : 1-Click RCE on GNOME

      The TL;DR

      libcue is a library used for parsing cue sheets—a metadata format for describing the layout of the tracks on a CD. it’s used by tracker-miners: an application that’s included with GNOME.The index is automatically updated when you add or modify a file in certain subdirectories of your home directory, in particular including ~/Downloads. To make a long story short, that means that inadvertently clicking a malicious link is all it takes for an attacker to exploit CVE-2023-43641 and get code execution on your computer.