CVE-2023-27566

7.8 HIGH

📋 TL;DR

CVE-2023-27566 is an out-of-bounds write vulnerability in Live2D Cubism Editor's Cubism Core component that allows attackers to execute arbitrary code or cause denial of service by crafting malicious MOC3 files. This affects users who process untrusted MOC3 files with vulnerable versions of Live2D Cubism Editor or applications using the Cubism SDK. The vulnerability is triggered when parsing specially crafted Section Offset Tables or Count Info Tables.

💻 Affected Systems

Products:
  • Live2D Cubism Editor
  • Applications using Live2D Cubism SDK
Versions: Cubism Editor 4.2.03 and earlier versions with vulnerable Cubism Core
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the vulnerable Cubism Core library to parse MOC3 files is affected, not just the editor itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment when processing malicious MOC3 files.

🟠 Likely Case

Application crash or denial of service when processing malformed MOC3 files, potentially disrupting workflows in animation/game development environments.

🟢 If Mitigated

Limited impact with proper file validation and sandboxing, potentially only causing application crashes without code execution.

🌐 Internet-Facing: MEDIUM - Risk exists if applications using Cubism Core process user-uploaded MOC3 files via web interfaces, but requires specific file processing workflows.
🏢 Internal Only: MEDIUM - Development environments and content pipelines processing MOC3 files are vulnerable, but exploitation requires file access or user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the victim to open/process a malicious MOC3 file. Public proof-of-concept exists in the moc3ingbird repository demonstrating the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Cubism Editor 4.2.04 and later

Vendor Advisory: https://docs.live2d.com/cubism-editor-manual/updates4/

Restart Required: Yes

Instructions:

1. Download Cubism Editor 4.2.04 or later from the official Live2D website.
2. Uninstall the previous version.
3. Install the updated version.
4. Restart the system.
5. For applications using the Cubism SDK: update to the patched SDK version and recompile.

🔧 Temporary Workarounds

File validation and sanitization

all

Implement strict validation of MOC3 file structure before processing, rejecting files with malformed Section Offset Tables or Count Info Tables.
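
One way to implement this check in front of the parser, as an added example (not Live2D's code and not code from this page). The layout constants (64-byte header, endianness flag at byte 5, 160-entry Section Offset Table, 23-entry Count Info Table located by the first offset, zero meaning an unused slot) and the names `check_moc3` and `build_sample` are assumptions for illustration.

```python
import struct

# Layout constants are ASSUMPTIONS for illustration (not given on this page);
# confirm them against the Cubism Core version you ship.
MAGIC = b"MOC3"
HEADER_SIZE = 64      # assumed fixed header length
SOT_ENTRIES = 160     # assumed number of uint32 section offsets
COUNT_ENTRIES = 23    # assumed number of uint32 counts in the Count Info Table
SOT_END = HEADER_SIZE + SOT_ENTRIES * 4


def check_moc3(data: bytes) -> list:
    """Return a list of structural problems; an empty list means 'accept'."""
    if len(data) < SOT_END:
        return ["file too short for header and Section Offset Table"]
    if data[:4] != MAGIC:
        return ["bad magic"]
    endian = ">" if data[5] else "<"  # assumed big-endian flag at byte 5
    offsets = struct.unpack_from(f"{endian}{SOT_ENTRIES}I", data, HEADER_SIZE)
    problems = []
    for i, off in enumerate(offsets):
        if off == 0:
            continue  # assumed: zero marks an unused slot
        # Every section must start after the tables and inside the file.
        if off < SOT_END or off > len(data) - 4:
            problems.append(f"section offset {i} out of bounds: {off:#x}")
    count_off = offsets[0]  # assumed: first entry locates the Count Info Table
    if count_off < SOT_END or count_off + COUNT_ENTRIES * 4 > len(data):
        problems.append("Count Info Table does not fit in file")
        return problems
    counts = struct.unpack_from(f"{endian}{COUNT_ENTRIES}I", data, count_off)
    for i, n in enumerate(counts):
        # Conservative bound: no array can hold more elements than the
        # file has bytes from the Count Info Table onward.
        if n > len(data) - count_off:
            problems.append(f"count {i} implausibly large: {n}")
    return problems


def build_sample(first_count=2, section1=None) -> bytes:
    """Constructed sample file (not a real model) for exercising the checks."""
    body_off = SOT_END + COUNT_ENTRIES * 4
    offsets = [SOT_END, body_off if section1 is None else section1]
    offsets += [0] * (SOT_ENTRIES - 2)
    counts = [first_count] + [0] * (COUNT_ENTRIES - 1)
    return (MAGIC + bytes([3, 0]).ljust(HEADER_SIZE - 4, b"\0")
            + struct.pack(f"<{SOT_ENTRIES}I", *offsets)
            + struct.pack(f"<{COUNT_ENTRIES}I", *counts) + bytes(64))
```

Passing this gate only rules out the table shapes it checks; it is a stopgap in front of an unpatched Cubism Core, not a replacement for updating.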

Sandbox execution

all

Run Cubism Editor or affected applications in isolated environments or containers with limited permissions.

🧯 If You Can't Patch

  • Restrict MOC3 file processing to trusted sources only
  • Implement application allowlisting to prevent execution of vulnerable versions

🔍 How to Verify

Check if Vulnerable:

Check Cubism Editor version via Help > About menu. For applications: check linked Cubism Core library version.

Check Version:

On Windows: Check program version in Control Panel > Programs. On macOS: Check application version in Finder > Get Info.

Verify Fix Applied:

Verify installed version is 4.2.04 or later. Test with known malicious MOC3 files from moc3ingbird repository (in safe environment).

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected file parsing errors in MOC3 processing logs
  • Abnormal process termination when handling MOC3 files

Network Indicators:

  • Unusual MOC3 file downloads to development systems
  • File uploads to applications processing MOC3 files

SIEM Query:

(Process:name="Cubism Editor" AND (EventID:1000 OR ExceptionCode:c0000005)) OR FileHash:known_malicious_moc3_hash
