thunar is vulnerable to remote code execution. An attacker is able to inject malicious code via a file to delegate the system to a different program based on the file type when the file is called as a command-line argument.
CPE | Name | Operator | Version |
---|---|---|---|
thunar:sid | eq | 1.8.15-1 | |
thunar:sid | eq | 4.16.4-1 | |
thunar:bullseye | eq | 1.8.15-1 | |
thunar:sid | eq | 1.8.15-1 | |
thunar:sid | eq | 4.16.4-1 | |
thunar:bullseye | eq | 1.8.15-1 |
www.openwall.com/lists/oss-security/2021/05/11/3
www.openwall.com/lists/oss-security/2023/01/05/1
www.openwall.com/lists/oss-security/2023/01/05/2
gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d
gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
gitlab.xfce.org/xfce/thunar/-/tags
security-tracker.debian.org/tracker/CVE-2021-32563
www.openwall.com/lists/oss-security/2021/05/09/2