Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce
before 4.4.2 might allow remote attackers to execute arbitrary code via
Launcher tooltips. NOTE: a second buffer overflow (over-read) in the
xfce_mkdirhier function was also reported, but it might not be exploitable
for a crash or code execution, so it is not a vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | xfce4-panel | < 4.3.90.1svn+r21633-0ubuntu2.1 | UNKNOWN |
ubuntu | 7.04 | noarch | xfce4-panel | < 4.4.0-0ubuntu1.1 | UNKNOWN |
ubuntu | 7.10 | noarch | xfce4-panel | < 4.4.1-1ubuntu3.1 | UNKNOWN |
ubuntu | 8.04 | noarch | xfce4-panel | < 4.4.2 | UNKNOWN |