Re: Code execution through Thunar

[Gabriel Corona <gabriel.corona () enst-bretagne fr>]

Le 09/05/2021 à 21:38, Gabriel Corona a écrit :
> When called with a regular file as command line argument, Thunar
> would delegate to some other program without user confirmation
> based on the file type. This could be exploited to trigger code
> execution in a chain of vulnerabilities.
>
> This is fixed in 4.16.7 and 4.17.2. When called with a regular
> file, Thunar now opens the containing directory and selects the
> file.
>
> A CVE ID has been requested.

This is CVE-2021-32563.

Gabriel