• redw0rm@kerala.party
    1 year ago

    Since that post wasn’t available for me atm, just reposting the relevant GitHub blog: 1-Click RCE on GNOME

    The TL;DR

    libcue is a library used for parsing cue sheets—a metadata format for describing the layout of the tracks on a CD. It’s used by tracker-miners: an application that’s included with GNOME. The index is automatically updated when you add or modify a file in certain subdirectories of your home directory, in particular including ~/Downloads. To make a long story short, that means that inadvertently clicking a malicious link is all it takes for an attacker to exploit CVE-2023-43641 and get code execution on your computer.