Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44428
7.8 HIGH
Key Information:
- Vendor: Musescore
- Status
- Musescore
- Vendor
- CVE Published: 3 May 2024
Summary
The vulnerability is in the MuseScore application's handling of CAP files: user-provided data is not validated for length, which leads to a heap-based buffer overflow. The flaw potentially allows remote attackers to execute arbitrary code on affected systems. Exploitation requires user interaction, such as visiting a malicious webpage or opening a specially crafted file. By exploiting this weakness, an attacker could run unauthorized commands in the context of the currently executing process.
Affected Version(s)
MuseScore 4.0.2.230651553
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved