CVE-2023-44428

EUVD-2023-48768
MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of CAP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20769.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
zdiCNA
7.8 HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
musescoremusescore
4.0.2.230651553
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
musescore2
bookworm
ignored
bullseye
no-dsa
sid
vulnerable
trixie
vulnerable
musescore3
bookworm
ignored
bullseye
no-dsa
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
musescore
bionic
needs-triage
focal
needs-triage
jammy
dne
noble
dne
oracular
dne
xenial
needs-triage
musescore2
focal
dne
jammy
needs-triage
noble
needs-triage
oracular
needs-triage
musescore3
focal
dne
jammy
needs-triage
noble
needs-triage
oracular
needs-triage
Common Weakness Enumeration
References
https://www.zerodayinitiative.com/advisories/ZDI-23-1526/
https://www.zerodayinitiative.com/advisories/ZDI-23-1526/