Security News > 2023 > October > Researcher bags two-for-one deal on Linux bugs while probing GNOME component
Cue files - which store the metadata that defines the layout of music on a CD. Given that it's often used alongside the FLAC audio format, open source audio players like Audacious are dependent on the library.
The tracker-miners application initializes automatically when a file is either added or modified in a subdirectory of the home directory.
Cue file, since tracker-miners uses libcue to pass the cue sheets file.
Other files are also supported by tracker-miners - it has scanners for HTML, JPEG, and PDF files too - but the researcher's proof of concept code was limited to using cue sheet files.
If these files were all unarchived, only the one that matches the user's distro would be needed to pull off the attack.
Backhouse encountered an issue when developing the PoC exploit for the vulnerability because the tracker-extract component of tracker-miners has a seccomp sandbox that prevents this kind of exploit from running.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/10/linux_gnome_libcue_exploit/