CVE-2022-45062
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/11/2022
Last modified:
01/05/2025
Description
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:xfce:xfce4-settings:*:*:*:*:*:*:*:* | 4.16.4 (excluding) | |
| cpe:2.3:a:xfce:xfce4-settings:4.17.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
- https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
- https://gitlab.xfce.org/xfce/xfce4-settings/-/tags
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/
- https://security.gentoo.org/glsa/202305-05
- https://www.debian.org/security/2022/dsa-5296
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
- https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
- https://gitlab.xfce.org/xfce/xfce4-settings/-/tags
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/
- https://security.gentoo.org/glsa/202305-05
- https://www.debian.org/security/2022/dsa-5296
- https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390