Jump to:

CVE-2018-18398

Jump to:

CVE-2018-18398

Package thunar updated to version 1.6.15-alt1 for branch sisyphus in task 203645.

Published: 2018-10-20
Modified: 2024-11-21

CVE-2018-18398

Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.

Severity: MEDIUM (4.7) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/
https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/

Version: 2.1.0

Package thunar update in sisyphus on 2018-04-06

ALT-PU-2018-1558-1

Closed vulnerabilities

CVE-2018-18398