Your submission was sent successfully! Close

CVE-2021-32563

Published: 11 May 2021

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
thunar
Launchpad, Ubuntu, Debian
Upstream
Released (4.16.7, 4.17.2)
Ubuntu 21.10 (Impish Indri) Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Ignored
(reached end-of-life)
Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(out of standard support)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist