A security issue fixed upstream in pcmanfm has been announced:
Mageia 5 is probably also affected.
The updated package fixes a security vulnerability:
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). (CVE-2017-8934)
Updated packages in core/updates_testing: