Vulnerabilities > CVE-2021-32563 - Improper Control of Dynamically-Managed Code Resources vulnerability in Xfce Thunar
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://gitlab.xfce.org/xfce/thunar/-/tags
- https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
- https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
- https://www.openwall.com/lists/oss-security/2021/05/09/2
- http://www.openwall.com/lists/oss-security/2021/05/11/3
- https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d
- http://www.openwall.com/lists/oss-security/2023/01/05/1
- http://www.openwall.com/lists/oss-security/2023/01/05/2