Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "4.12"
},
{
"fixed": "4.12"
}
],
"source": "CPE_RANGE",
"vendor_product": "xfce:xfce",
"cpes": [
"cpe:2.3:a:xfce:xfce:*:*:*:*:*:*:*:*"
]
}
]
}