CVE-2022-45062

Name
CVE-2022-45062
Description
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
MISC https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
MISC https://gitlab.xfce.org/xfce/xfce4-settings/-/tags
MISC https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
Third Party Advisory https://www.debian.org/security/2022/dsa-5296
GENTOO https://security.gentoo.org/glsa/202305-05
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:xfce:xfce4-settings:*:*:*:*:*:*:*:* xfce4-settings >= None < 4.16.4
cpe:2.3:a:xfce:xfce4-settings:4.17.0:*:*:*:*:*:*:* xfce4-settings == None == 4.17.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xfce4-settings 3.16-community 4.16.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable