Description
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=201292
Various Sources x_refsource_confirm
http://www.xfce.org/documentation/changelogs/4.4.2
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0080
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200801-06.xml
Scores
EPSS
0.0398
EPSS Percentile
89.3%
Details
CWE
CWE-119
Status
published
Products (1)
xfce/xfce
< 4.4.1
Published
Jan 09, 2008
Tracked Since
Feb 18, 2026