CVE-2019-11461

high
CVSS v3
CVSS v2
VIR risk
8.0

Description

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

Predictions

Exploit likelihood: 20%
Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2019-11461

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2019-11461.html

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201905-3

OS impact

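| OS | Version | Status | Fixed in |
| --- | --- | --- | --- |
| arch arch | | fixed | 3.32.1-1 |
| suse sles | | affected | |
| debian debian | bookworm | fixed | 3.30.5-2 |
| debian debian | bullseye | fixed | 3.30.5-2 |
| debian debian | forky | fixed | 3.30.5-2 |
| debian debian | sid | fixed | 3.30.5-2 |
| debian debian | trixie | fixed | 3.30.5-2 |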
