Xfce : Security Vulnerabilities, CVEs, Published In 2008 (Code Execution)
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."
Max CVSS
10.0
EPSS Score
3.98%
Published
2008-01-09
Updated
2011-03-08
Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.
Max CVSS
5.0
EPSS Score
3.24%
Published
2008-01-09
Updated
2011-03-08
2 vulnerabilities found