DSA-5296-1 xfce4-settings -- xfce4-settingsID: oval:org.secpod.oval:def:88440 | Date: (C)2023-03-28 (M)2023-11-13 |
Class: PATCH | Family: unix |
Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications for opening links, this bug could be exploited by an attacker to run arbitrary code on an user machine by providing a malicious PDF file with specifically crafted links.
Product: |
xfce4-helpers |
xfce4-settings |