CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6531

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0840%
EPSS Percentile35.68th
PublishedJan 9, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.

Affected Platforms (CPE)

πŸ“¦
Xfce

Xfce

<= 4.4.1

References & Advisories

πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=201289
πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=201293
πŸ”— http://osvdb.org/43422
πŸ”— http://security.gentoo.org/glsa/glsa-200801-06.xml
πŸ”— http://www.vupen.com/english/advisories/2008/0080
πŸ”— http://www.xfce.org/documentation/changelogs/4.4.2
πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=201289
πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=201293

Related Vulnerabilities

CVE-2007-653210.0

Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitra...

CVE-2007-37707.8

The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execut...

CVE-2009-46427.2

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop suc...

CVE-2009-49967.2

Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier ...