Vulnerabilities > CVE-2023-26923 - Out-of-bounds Write vulnerability in Musescore

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

musescore

CWE-787

NVD

Published: 2023-03-28

Updated: 2024-11-21

Summary

Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigured midi files. If attacker can additional information, attacker can execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Musescore Musescore Musescore *	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/musescore/MuseScore/issues/16346
https://github.com/musescore/MuseScore/issues/16346