Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44428
7.8 HIGH
What is CVE-2023-44428?
The vulnerability is in the MuseScore application's handling of CAP files: user-provided data is not properly length-validated, which leads to a heap-based buffer overflow. The flaw can allow remote attackers to execute arbitrary code on affected systems, but exploitation requires user interaction, such as visiting a malicious webpage or opening a specially crafted file. An attacker who exploits this weakness could run unauthorized commands in the context of the current process, posing a significant security risk to users.
Affected Version(s)
MuseScore 4.0.2.230651553