Debian 10: DLA-3459-1 Moderate: libxpm Denial of Service Exploits
debian lts
June 20, 2023
libxpm is a library handling X PixMap image format (so called xpm files)
Topics Covered
Summary
CVE-2022-4883
When processing files with
.Z or .gz extensions, the library calls external programs
to compress and uncompress files, relying on the
PATH environment variable to find these programs,
which could allow a malicious user to execute other programs
by manipulating the PATH environment variable.
CVE-2022-44617
When processing a file with width of 0
and a very large height, some parser functions will be
called repeatedly and can lead to an infinite loop,
resulting in a Denial of Service in the application linked
to the library.
CVE-2022-46285
When parsing a file with a comment
not closed, an end-of-file condition will not be detected,
leading to an infinite loop and resulting in a
Denial of Service in the application linked to the library.
For Debian 10 buster, these problems have been fixed in version
1:3.5.12-1+deb10u1.
We recommend that you upgrade your libxpm packages.
For the detailed security status of libxpm please refer to
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: libxpm
Version: 1:3.5.12-1+deb10u1
CVE ID: CVE-2022-4883 CVE-2022-44617 CVE-2022-46285
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!