CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6532

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile33.96th
PublishedJan 9, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."

Affected Platforms (CPE)

πŸ“¦
Xfce

Xfce

<= 4.4.1

References & Advisories

πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=201292
πŸ”— http://security.gentoo.org/glsa/glsa-200801-06.xml
πŸ”— http://www.vupen.com/english/advisories/2008/0080
πŸ”— http://www.xfce.org/documentation/changelogs/4.4.2
πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=201292
πŸ”— http://security.gentoo.org/glsa/glsa-200801-06.xml
πŸ”— http://www.vupen.com/english/advisories/2008/0080
πŸ”— http://www.xfce.org/documentation/changelogs/4.4.2

Related Vulnerabilities

CVE-2007-37707.8

The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execut...

CVE-2009-46427.2

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop suc...

CVE-2009-49967.2

Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier ...

CVE-2007-65315.0

Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbi...