CD-indexing cue files are the core of a serious Linux remote code exploit

The write-up explains CVE-2023-43641: an out-of-bounds array write in libcue that can be triggered via a malicious .cue file and lead to one-click code execution on GNOME desktops because the tracker miner auto-indexes user files. GitHub rates it 8.8 (High); upstream fixes exist but distributions need to deploy updated desktop packages. A benign test .cue is public, but the full PoC has not been released.