Robin Peraglie and Johannes Moritz discovered that xfce4-settings
incorrectly parsed quoted input when processed through xdg-open.
A remote attacker could possibly use this issue to inject
arbitrary arguments into the default browser or file manager.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.10 | noarch | xfce4-settings | < 4.16.2-1ubuntu2.22.10.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | xfce4-helpers | < 4.16.2-1ubuntu2.22.10.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | xfce4-settings-dbgsym | < 4.16.2-1ubuntu2.22.10.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | xfce4-settings | < 4.16.2-1ubuntu2.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | xfce4-helpers | < 4.16.2-1ubuntu2.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | xfce4-settings-dbgsym | < 4.16.2-1ubuntu2.22.04.1 | UNKNOWN |