CVE-2023-26923

HIGH

MuseScore 3.0-4.0.1 - Stack Buffer Overflow via Malformed MIDI File

Title source: llm
STIX 2.1

Description

Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigured midi files. If attacker can additional information, attacker can execute arbitrary code.

References (1)

Core 1
Core References

Scores

CVSS v3 7.0
EPSS 0.0036
EPSS Percentile 28.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
musescore/musescore 3.0 - 4.0.1
Published Mar 28, 2023
Tracked Since Feb 18, 2026