CVE-2022-45062

CRITICAL

Xfce xfce4-settings <4.16.4-4.17.1 - Command Injection

Title source: llm

Description

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.

References (7)

[Patch, Vendor Advisory] https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7

[Patch, Vendor Advisory] https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110

[Broken Link] https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390

[Release Notes, Vendor Advisory] https://gitlab.xfce.org/xfce/xfce4-settings/-/tags

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5296

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/

[Third Party Advisory] https://security.gentoo.org/glsa/202305-05

Scores

CVSS v3 9.8

EPSS 0.0355

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-88

Status published

Products (4)

debian/debian_linux 11.0

fedoraproject/fedora 37

xfce/xfce4-settings 4.17.0

xfce/xfce4-settings < 4.16.4

Published Nov 09, 2022

Tracked Since Feb 18, 2026