First published: Fri Oct 19 2018(Updated: )
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xfce Thunar | <1.6.15 | |
Xfce Xfce | <4.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability CVE-2018-18398 is about a mishandling of the IBus-Unikey input method in Xfce Thunar 1.6.15 when Xfce 4.12 is used, leading to an out-of-bounds read and SEGV.
The vulnerability CVE-2018-18398 affects users of Xfce Thunar 1.6.15 and Xfce 4.12.
The severity rating of CVE-2018-18398 is medium with a CVSS score of 4.7.
The vulnerability CVE-2018-18398 could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses the IBus-Unikey input method in Xfce Thunar.
At the time of writing, there is no known fix available for CVE-2018-18398. It is recommended to update to a version of Xfce Thunar or Xfce that is not affected by the vulnerability, if possible. Avoid using the IBus-Unikey input method until a fix is provided.