Xfce · Xfce4-Panel · CVE-2007-6531
**Name of the Vulnerable Software and Affected Versions**
Xfce versions prior to 4.4.2
xfce4-panel versions prior to 4.4.2
**Description**
A stack-based buffer overflow in the Panel (xfce4-panel) component of Xfce could allow remote attackers to execute arbitrary code via Launcher tooltips. A second buffer overflow (over-read) in the `xfce_mkdirhier` function has also been reported, although it may not be exploitable for code execution. Exploitation of these vulnerabilities can be carried out remotely and can compromise the confidentiality, integrity, and availability of protected information.
**Recommendations**
For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue.
As a temporary workaround, consider disabling the Launcher tooltips feature in the xfce4-panel component until the update to 4.4.2 or later can be applied.