An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When Thunar is called with a regular file as a command-line argument, it hands that file to a different program, chosen by file type, without asking the user for confirmation. If the file comes from an untrusted source, this could be used to achieve code execution.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32563.json"
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1117.0,
"function_hash": "76453521844426154463468593598021274668"
},
"signature_type": "Function",
"id": "CVE-2021-32563-101171c6",
"source": "https://gitlab.xfce.org/xfce/thunar@9165a61f95e43cc0b5abf9b98eee2818a0191e0b",
"target": {
"function": "thunar_application_process_files_finish",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 872.0,
"function_hash": "193458808684422267123343110460523055664"
},
"signature_type": "Function",
"id": "CVE-2021-32563-1df0ae1b",
"source": "https://gitlab.xfce.org/xfce/thunar@1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"target": {
"function": "thunar_dbus_service_launch_files",
"file": "thunar/thunar-dbus-service.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 872.0,
"function_hash": "193458808684422267123343110460523055664"
},
"signature_type": "Function",
"id": "CVE-2021-32563-3371b1be",
"source": "https://gitlab.xfce.org/xfce/thunar@3b54d9d7dbd7fd16235e2141c43a7f18718f5664",
"target": {
"function": "thunar_dbus_service_launch_files",
"file": "thunar/thunar-dbus-service.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"99865753861372286741297302913382354915",
"247622726720538761819007825338052618403",
"176707885454668556170807645085737497280",
"333139024330446761343571746633445783416",
"146933908393969737615666454578684566522",
"200950094597740713280463560507298461842",
"53157523538990916355912828241457075199",
"111062599924806412650171855414553199827",
"325574395854969106349081343904029325414",
"96280369011074423462049685733203586973",
"95175919934903627722799744816487549256",
"87979455723892921382754459728731431894",
"211815047354901012973875091234101483548",
"320651336846753288642916734169432988645",
"181099522359467315620313745910512897711",
"153994052584897464719651028656804608749",
"109686166458609463385780913158710092336",
"47344089737884774703593204193646799146",
"100033262815061095203185496210447605238",
"270834495830842206512636738675756809517",
"78280308885520139326351024274231693315",
"24143829151470514115686587440494546578",
"162963469958582670132263380745055037439",
"323470614842269169400092986155997793683",
"76297322711891696412634719653849231140",
"313985901390170542829464902400940513537",
"226689051052781581000688254084198218685",
"250072494023561774963418071710018025597",
"134074542978424833109212619914329119633",
"204244619100719419585979787763591942176",
"93073831432092438747287437076990281853",
"222306724715024403879775227841098005366",
"126753208052616772965924041059652513292",
"299190834713215887819496170143625796803",
"43669644444511266314034110939201566121",
"329597757202746072060154039748659550011",
"8589464569689314626628195546958959490",
"224006342155471841587369911354457484501",
"268817342966736802396788422819508424690",
"65251134301491786359188187833077704704",
"218734824882458718720399157212612433067",
"236608988130168814103789507423271987286",
"264605666031778543864186310244680799551",
"328786809375787067547117669737535599134",
"248309274974212285512233078256133398883",
"2091267552891035950676508740904196090",
"157447081540793957148148791309110554724",
"185128742574355327423600561785971947229",
"152323619305930788114651512847058784937",
"74682958876486458854402065804292363417",
"241829157896393090932505305535412264887",
"200044527732749026347057920628696504716",
"277408563712604401407955732683884191104"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-42a80165",
"source": "https://gitlab.xfce.org/xfce/thunar@3b54d9d7dbd7fd16235e2141c43a7f18718f5664",
"target": {
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"99865753861372286741297302913382354915",
"247622726720538761819007825338052618403",
"176707885454668556170807645085737497280",
"333139024330446761343571746633445783416",
"146933908393969737615666454578684566522",
"200950094597740713280463560507298461842",
"53157523538990916355912828241457075199",
"111062599924806412650171855414553199827",
"325574395854969106349081343904029325414",
"96280369011074423462049685733203586973",
"95175919934903627722799744816487549256",
"87979455723892921382754459728731431894",
"211815047354901012973875091234101483548",
"320651336846753288642916734169432988645",
"181099522359467315620313745910512897711",
"153994052584897464719651028656804608749",
"109686166458609463385780913158710092336",
"47344089737884774703593204193646799146",
"100033262815061095203185496210447605238",
"270834495830842206512636738675756809517",
"78280308885520139326351024274231693315",
"24143829151470514115686587440494546578",
"162963469958582670132263380745055037439",
"323470614842269169400092986155997793683",
"76297322711891696412634719653849231140",
"313985901390170542829464902400940513537",
"226689051052781581000688254084198218685",
"250072494023561774963418071710018025597",
"134074542978424833109212619914329119633",
"204244619100719419585979787763591942176",
"93073831432092438747287437076990281853",
"222306724715024403879775227841098005366",
"126753208052616772965924041059652513292",
"299190834713215887819496170143625796803",
"43669644444511266314034110939201566121",
"217846621016225848485072870713498074044",
"64660158412193811085918561022236540670",
"181899418999702034230534458880337942005",
"43894642237672623045404286098122510699",
"65251134301491786359188187833077704704",
"218734824882458718720399157212612433067",
"236608988130168814103789507423271987286",
"264605666031778543864186310244680799551",
"328786809375787067547117669737535599134",
"248309274974212285512233078256133398883",
"2091267552891035950676508740904196090",
"157447081540793957148148791309110554724",
"185128742574355327423600561785971947229",
"152323619305930788114651512847058784937",
"74682958876486458854402065804292363417",
"241829157896393090932505305535412264887",
"200044527732749026347057920628696504716",
"277408563712604401407955732683884191104"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-4e7c6dae",
"source": "https://gitlab.xfce.org/xfce/thunar@1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"target": {
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1227.0,
"function_hash": "68292435232507658122657591857538863550"
},
"signature_type": "Function",
"id": "CVE-2021-32563-673269cd",
"source": "https://gitlab.xfce.org/xfce/thunar@3b54d9d7dbd7fd16235e2141c43a7f18718f5664",
"target": {
"function": "thunar_application_command_line",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"333741236351249368640136793175355211632",
"196023527416500479017541562811996078200",
"312149587464661582791396048727543242774",
"82789431063833627206592324110022651623"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-6bc3037f",
"source": "https://gitlab.xfce.org/xfce/thunar@3b54d9d7dbd7fd16235e2141c43a7f18718f5664",
"target": {
"file": "thunar/thunar-dbus-service.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 263.0,
"function_hash": "295140515129436387913340608017997340311"
},
"signature_type": "Function",
"id": "CVE-2021-32563-6ce5d24f",
"source": "https://gitlab.xfce.org/xfce/thunar@1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"target": {
"function": "thunar_application_init",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 457.0,
"function_hash": "240219985511444574272100991227286123703"
},
"signature_type": "Function",
"id": "CVE-2021-32563-8b23ffb8",
"source": "https://gitlab.xfce.org/xfce/thunar@9165a61f95e43cc0b5abf9b98eee2818a0191e0b",
"target": {
"function": "thunar_window_select_files",
"file": "thunar/thunar-window.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1227.0,
"function_hash": "68292435232507658122657591857538863550"
},
"signature_type": "Function",
"id": "CVE-2021-32563-9c155d7c",
"source": "https://gitlab.xfce.org/xfce/thunar@1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"target": {
"function": "thunar_application_command_line",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"33883801610053101770454332029839617759",
"31942194425757146550583624434930046418",
"5999911348752228872924859601749310390",
"68298791084085739787901773884069998986",
"199692913691837589097090413456053514655",
"141670879382841887650444079627429453297",
"35781408589419365993670024578647521386"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-9df4f3c4",
"source": "https://gitlab.xfce.org/xfce/thunar@3b54d9d7dbd7fd16235e2141c43a7f18718f5664",
"target": {
"file": "thunar/thunar-application.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1446.0,
"function_hash": "211675061993268373167333014712260429383"
},
"signature_type": "Function",
"id": "CVE-2021-32563-b3bd2670",
"source": "https://gitlab.xfce.org/xfce/thunar@3b54d9d7dbd7fd16235e2141c43a7f18718f5664",
"target": {
"function": "thunar_application_process_files_finish",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"33883801610053101770454332029839617759",
"31942194425757146550583624434930046418",
"5999911348752228872924859601749310390",
"68298791084085739787901773884069998986",
"199692913691837589097090413456053514655",
"141670879382841887650444079627429453297",
"35781408589419365993670024578647521386"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-bb90fa0c",
"source": "https://gitlab.xfce.org/xfce/thunar@1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"target": {
"file": "thunar/thunar-application.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"217846621016225848485072870713498074044",
"64660158412193811085918561022236540670",
"181899418999702034230534458880337942005",
"43894642237672623045404286098122510699"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-bcc23ddb",
"source": "https://gitlab.xfce.org/xfce/thunar@9165a61f95e43cc0b5abf9b98eee2818a0191e0b",
"target": {
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1597.0,
"function_hash": "13755289352619420209884812984269774282"
},
"signature_type": "Function",
"id": "CVE-2021-32563-c66191d5",
"source": "https://gitlab.xfce.org/xfce/thunar@1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"target": {
"function": "thunar_application_process_filenames",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1117.0,
"function_hash": "76453521844426154463468593598021274668"
},
"signature_type": "Function",
"id": "CVE-2021-32563-d648f2d0",
"source": "https://gitlab.xfce.org/xfce/thunar@1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"target": {
"function": "thunar_application_process_files_finish",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"71995599210645557607068850389178420250",
"176431535656620076387624886239560476324",
"119060238380255805610963994524452940987"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-e24206da",
"source": "https://gitlab.xfce.org/xfce/thunar@9165a61f95e43cc0b5abf9b98eee2818a0191e0b",
"target": {
"file": "thunar/thunar-window.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1597.0,
"function_hash": "13755289352619420209884812984269774282"
},
"signature_type": "Function",
"id": "CVE-2021-32563-e78764ce",
"source": "https://gitlab.xfce.org/xfce/thunar@3b54d9d7dbd7fd16235e2141c43a7f18718f5664",
"target": {
"function": "thunar_application_process_filenames",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"195470704098790955053997434797781333610",
"294593178307349962211822224981884982439",
"237836334247483354412060104701140496504",
"25744477612665038666142578699714641948",
"210903922429604648927034136560186576621",
"87829882380763779028356856767485725253",
"116412102868994170465163048963147799421",
"52831437443336667610700417247031608224",
"309869385550930135943211102869211562463"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-e83755e9",
"source": "https://gitlab.xfce.org/xfce/thunar@9165a61f95e43cc0b5abf9b98eee2818a0191e0b",
"target": {
"file": "thunar/thunar-window.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 263.0,
"function_hash": "295140515129436387913340608017997340311"
},
"signature_type": "Function",
"id": "CVE-2021-32563-e9e9b7e4",
"source": "https://gitlab.xfce.org/xfce/thunar@3b54d9d7dbd7fd16235e2141c43a7f18718f5664",
"target": {
"function": "thunar_application_init",
"file": "thunar/thunar-application.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"333741236351249368640136793175355211632",
"196023527416500479017541562811996078200",
"312149587464661582791396048727543242774",
"82789431063833627206592324110022651623"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2021-32563-f00a346b",
"source": "https://gitlab.xfce.org/xfce/thunar@1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"target": {
"file": "thunar/thunar-dbus-service.c"
}
}
]