CVE-2022-45062
CRITICALXfce xfce4-settings <4.16.4-4.17.1 - Command Injection
Title source: llmDescription
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
References (7)
Core 7
Core References
Patch, Vendor Advisory
https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
Patch, Vendor Advisory
https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
Release Notes, Vendor Advisory
https://gitlab.xfce.org/xfce/xfce4-settings/-/tags
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5296
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-05
Scores
CVSS v3
9.8
EPSS
0.0141
EPSS Percentile
69.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-88
Status
published
Products (4)
debian/debian_linux
11.0
fedoraproject/fedora
37
xfce/xfce4-settings
4.17.0
xfce/xfce4-settings
< 4.16.4
Published
Nov 09, 2022
Tracked Since
Feb 18, 2026