Buffer Overflow Vulnerability in MuseScore Studio Affects Music Composition Software
CVE-2024-44866

6.8MEDIUM

Key Information:

Vendor: MuseScore
Status: MuseScore Studio
Vendor: CVE Published:; 17 March 2025

What is CVE-2024-44866?

A buffer overflow vulnerability exists in the GuitarPro1::read function of MuseScore Studio version 4.3.2, which can be exploited by attackers to execute arbitrary code or trigger a Denial of Service (DoS) condition by opening a specially crafted GuitarPro file. This flaw poses a significant risk, as it allows malicious actors to manipulate the program's memory and potentially take over the affected system.

References

https://musescore.org/ko/download/musescore.msi

https://github.com/moonadon9/CVE_2024

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2025