CVE-2007-6531

Publication date 9 January 2008

Last updated 24 July 2024

Ubuntu priority

Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xfce4-panel	8.04 LTS hardy	Fixed 4.4.2
	7.10 gutsy	Fixed 4.4.1-1ubuntu3.1
	7.04 feisty	Fixed 4.4.0-0ubuntu1.1
	6.10 edgy	Ignored
	6.06 LTS dapper	Fixed 4.3.90.1svn+r21633-0ubuntu2.1

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
xfce4-panel	Debdiff: https://bugs.launchpad.net/ubuntu/+source/xfce4-panel/+bug/190020

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-6531