Headline
RHSA-2023:0382: Red Hat Security Advisory: libXpm security update
An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4883: libXpm: compression commands depend on $PATH
- CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height
- CVE-2022-46285: libXpm: Infinite loop on unclosed comments
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-01-23
Updated:
2023-01-23
RHSA-2023:0382 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: libXpm security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
X.Org X11 libXpm runtime library.
Security Fix(es):
- libXpm: compression commands depend on $PATH (CVE-2022-4883)
- libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617)
- libXpm: Infinite loop on unclosed comments (CVE-2022-46285)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2160092 - CVE-2022-46285 libXpm: Infinite loop on unclosed comments
- BZ - 2160193 - CVE-2022-44617 libXpm: Runaway loop on width of 0 and enormous height
- BZ - 2160213 - CVE-2022-4883 libXpm: compression commands depend on $PATH
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
libXpm-3.5.12-9.el8_4.src.rpm
SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823
x86_64
libXpm-3.5.12-9.el8_4.i686.rpm
SHA-256: 62aa315d401c6cdc5b446b66ee6334c3261889498d4db61fe1b21f2f3f951863
libXpm-3.5.12-9.el8_4.x86_64.rpm
SHA-256: fe814ffaf50fc211eee300cd8eb73415b4fdea85d1ba53397d723bb65b24a99d
libXpm-debuginfo-3.5.12-9.el8_4.i686.rpm
SHA-256: bcac6ccaf08253ca0bb8cd0cfa45fd30bf9e7f564407fcdc3d9c301659ababbb
libXpm-debuginfo-3.5.12-9.el8_4.x86_64.rpm
SHA-256: fc10da935f50426490b00077517d3a81428f53e26262cbcf7c943ca5c7fee195
libXpm-debugsource-3.5.12-9.el8_4.i686.rpm
SHA-256: 7fc79f48b23a949efc5bef854edb2a73e627322978d76a2017d1a0162becbf9e
libXpm-debugsource-3.5.12-9.el8_4.x86_64.rpm
SHA-256: 3c243dec071d0eb831a2a141cc48fae9ef7d03f4ba255871c907fe7909e52db1
libXpm-devel-3.5.12-9.el8_4.i686.rpm
SHA-256: 9f67648166df8245f8495e360e669002cde58442be0de4a55fd7b21bd511d02b
libXpm-devel-3.5.12-9.el8_4.x86_64.rpm
SHA-256: a567c7fecce5d66815f3c9f5a0215857f7847a7b25993c2cefb2ae438a20b078
libXpm-devel-debuginfo-3.5.12-9.el8_4.i686.rpm
SHA-256: 8a4d102e684708ad9f9eaca505e26b6f74804aa8471834a638643ef50130284f
libXpm-devel-debuginfo-3.5.12-9.el8_4.x86_64.rpm
SHA-256: 1119e6262b3a31a368a31ae2ad0071095977daec45594e9cdec7966899d96a1e
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
libXpm-3.5.12-9.el8_4.src.rpm
SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823
x86_64
libXpm-3.5.12-9.el8_4.i686.rpm
SHA-256: 62aa315d401c6cdc5b446b66ee6334c3261889498d4db61fe1b21f2f3f951863
libXpm-3.5.12-9.el8_4.x86_64.rpm
SHA-256: fe814ffaf50fc211eee300cd8eb73415b4fdea85d1ba53397d723bb65b24a99d
libXpm-debuginfo-3.5.12-9.el8_4.i686.rpm
SHA-256: bcac6ccaf08253ca0bb8cd0cfa45fd30bf9e7f564407fcdc3d9c301659ababbb
libXpm-debuginfo-3.5.12-9.el8_4.x86_64.rpm
SHA-256: fc10da935f50426490b00077517d3a81428f53e26262cbcf7c943ca5c7fee195
libXpm-debugsource-3.5.12-9.el8_4.i686.rpm
SHA-256: 7fc79f48b23a949efc5bef854edb2a73e627322978d76a2017d1a0162becbf9e
libXpm-debugsource-3.5.12-9.el8_4.x86_64.rpm
SHA-256: 3c243dec071d0eb831a2a141cc48fae9ef7d03f4ba255871c907fe7909e52db1
libXpm-devel-3.5.12-9.el8_4.i686.rpm
SHA-256: 9f67648166df8245f8495e360e669002cde58442be0de4a55fd7b21bd511d02b
libXpm-devel-3.5.12-9.el8_4.x86_64.rpm
SHA-256: a567c7fecce5d66815f3c9f5a0215857f7847a7b25993c2cefb2ae438a20b078
libXpm-devel-debuginfo-3.5.12-9.el8_4.i686.rpm
SHA-256: 8a4d102e684708ad9f9eaca505e26b6f74804aa8471834a638643ef50130284f
libXpm-devel-debuginfo-3.5.12-9.el8_4.x86_64.rpm
SHA-256: 1119e6262b3a31a368a31ae2ad0071095977daec45594e9cdec7966899d96a1e
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4
SRPM
libXpm-3.5.12-9.el8_4.src.rpm
SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823
s390x
libXpm-3.5.12-9.el8_4.s390x.rpm
SHA-256: 10249778e19f07d67012cb56364391697ea80e67ec34093bc8453cb8978767f8
libXpm-debuginfo-3.5.12-9.el8_4.s390x.rpm
SHA-256: 8c77eaac6fa8fd5727dbd79374db13509f6bd0bce640ac6b462768fafbb47208
libXpm-debugsource-3.5.12-9.el8_4.s390x.rpm
SHA-256: 62cde742a79dec0f68a7a9a0f17e0e58fd089c6966d506381dcebc21de4ec39a
libXpm-devel-3.5.12-9.el8_4.s390x.rpm
SHA-256: 53b1fb24be736e006aa54973e2b6730b1aec9ad47d54ed0fdd72c849ec989efa
libXpm-devel-debuginfo-3.5.12-9.el8_4.s390x.rpm
SHA-256: d802ce4f74b9b709135a7d26be2140080004a5369537c39edb55080481532703
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
libXpm-3.5.12-9.el8_4.src.rpm
SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823
ppc64le
libXpm-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: 2a2c1b3bda15a506a8d2b475294497ba3a50681f110b3ef64ae456e8252c6f89
libXpm-debuginfo-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: b8d5abfbd74c84a37145715ec74104f5e014221c79b836d96110509e29b36c86
libXpm-debugsource-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: 1d126098d8281cc8f0db67002259a5675ab8b670dd1b1310d8b7add02031bce8
libXpm-devel-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: 4fc3bcb164c92239f2212e33f391955ee075eebd9f905a0def89b654eba8e1ee
libXpm-devel-debuginfo-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: fb56b9c618d0ff37e8490c86de749d489205f2077adda74941343c70f80d932e
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
libXpm-3.5.12-9.el8_4.src.rpm
SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823
x86_64
libXpm-3.5.12-9.el8_4.i686.rpm
SHA-256: 62aa315d401c6cdc5b446b66ee6334c3261889498d4db61fe1b21f2f3f951863
libXpm-3.5.12-9.el8_4.x86_64.rpm
SHA-256: fe814ffaf50fc211eee300cd8eb73415b4fdea85d1ba53397d723bb65b24a99d
libXpm-debuginfo-3.5.12-9.el8_4.i686.rpm
SHA-256: bcac6ccaf08253ca0bb8cd0cfa45fd30bf9e7f564407fcdc3d9c301659ababbb
libXpm-debuginfo-3.5.12-9.el8_4.x86_64.rpm
SHA-256: fc10da935f50426490b00077517d3a81428f53e26262cbcf7c943ca5c7fee195
libXpm-debugsource-3.5.12-9.el8_4.i686.rpm
SHA-256: 7fc79f48b23a949efc5bef854edb2a73e627322978d76a2017d1a0162becbf9e
libXpm-debugsource-3.5.12-9.el8_4.x86_64.rpm
SHA-256: 3c243dec071d0eb831a2a141cc48fae9ef7d03f4ba255871c907fe7909e52db1
libXpm-devel-3.5.12-9.el8_4.i686.rpm
SHA-256: 9f67648166df8245f8495e360e669002cde58442be0de4a55fd7b21bd511d02b
libXpm-devel-3.5.12-9.el8_4.x86_64.rpm
SHA-256: a567c7fecce5d66815f3c9f5a0215857f7847a7b25993c2cefb2ae438a20b078
libXpm-devel-debuginfo-3.5.12-9.el8_4.i686.rpm
SHA-256: 8a4d102e684708ad9f9eaca505e26b6f74804aa8471834a638643ef50130284f
libXpm-devel-debuginfo-3.5.12-9.el8_4.x86_64.rpm
SHA-256: 1119e6262b3a31a368a31ae2ad0071095977daec45594e9cdec7966899d96a1e
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
libXpm-3.5.12-9.el8_4.src.rpm
SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823
aarch64
libXpm-3.5.12-9.el8_4.aarch64.rpm
SHA-256: 8479b68b5bf4955c53c9b8c5e9498205882b56f20305b62d4664304a2263b0e9
libXpm-debuginfo-3.5.12-9.el8_4.aarch64.rpm
SHA-256: c4cc970e1032d5b0ab9cc9afccd54bdea2a04afa0b39ecf853290ca685510199
libXpm-debugsource-3.5.12-9.el8_4.aarch64.rpm
SHA-256: e6e5569669b2a0fabefc200f14bad6dac911aaed0f87849833d836c12b886f1f
libXpm-devel-3.5.12-9.el8_4.aarch64.rpm
SHA-256: 3a5de95ca7b3e4590f350c24fec0652a5b50702624a7dc650c8667103d2ffd92
libXpm-devel-debuginfo-3.5.12-9.el8_4.aarch64.rpm
SHA-256: 987ea8c7a6209253545376b108b50d98e6551a452a73896e5df94770f4cf1736
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
libXpm-3.5.12-9.el8_4.src.rpm
SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823
ppc64le
libXpm-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: 2a2c1b3bda15a506a8d2b475294497ba3a50681f110b3ef64ae456e8252c6f89
libXpm-debuginfo-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: b8d5abfbd74c84a37145715ec74104f5e014221c79b836d96110509e29b36c86
libXpm-debugsource-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: 1d126098d8281cc8f0db67002259a5675ab8b670dd1b1310d8b7add02031bce8
libXpm-devel-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: 4fc3bcb164c92239f2212e33f391955ee075eebd9f905a0def89b654eba8e1ee
libXpm-devel-debuginfo-3.5.12-9.el8_4.ppc64le.rpm
SHA-256: fb56b9c618d0ff37e8490c86de749d489205f2077adda74941343c70f80d932e
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
libXpm-3.5.12-9.el8_4.src.rpm
SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823
x86_64
libXpm-3.5.12-9.el8_4.i686.rpm
SHA-256: 62aa315d401c6cdc5b446b66ee6334c3261889498d4db61fe1b21f2f3f951863
libXpm-3.5.12-9.el8_4.x86_64.rpm
SHA-256: fe814ffaf50fc211eee300cd8eb73415b4fdea85d1ba53397d723bb65b24a99d
libXpm-debuginfo-3.5.12-9.el8_4.i686.rpm
SHA-256: bcac6ccaf08253ca0bb8cd0cfa45fd30bf9e7f564407fcdc3d9c301659ababbb
libXpm-debuginfo-3.5.12-9.el8_4.x86_64.rpm
SHA-256: fc10da935f50426490b00077517d3a81428f53e26262cbcf7c943ca5c7fee195
libXpm-debugsource-3.5.12-9.el8_4.i686.rpm
SHA-256: 7fc79f48b23a949efc5bef854edb2a73e627322978d76a2017d1a0162becbf9e
libXpm-debugsource-3.5.12-9.el8_4.x86_64.rpm
SHA-256: 3c243dec071d0eb831a2a141cc48fae9ef7d03f4ba255871c907fe7909e52db1
libXpm-devel-3.5.12-9.el8_4.i686.rpm
SHA-256: 9f67648166df8245f8495e360e669002cde58442be0de4a55fd7b21bd511d02b
libXpm-devel-3.5.12-9.el8_4.x86_64.rpm
SHA-256: a567c7fecce5d66815f3c9f5a0215857f7847a7b25993c2cefb2ae438a20b078
libXpm-devel-debuginfo-3.5.12-9.el8_4.i686.rpm
SHA-256: 8a4d102e684708ad9f9eaca505e26b6f74804aa8471834a638643ef50130284f
libXpm-devel-debuginfo-3.5.12-9.el8_4.x86_64.rpm
SHA-256: 1119e6262b3a31a368a31ae2ad0071095977daec45594e9cdec7966899d96a1e
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.
Ubuntu Security Notice 5807-3 - USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...
Ubuntu Security Notice 5807-2 - USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.
Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload i...
Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.
An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal. * CVE-2022-41717: A flaw was f...
Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Logging Subsystem 5.6.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2022-46175: A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned f...
The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
An update for libXpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments
An update for libXpm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments
An update for libXpm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH
An update for libXpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments
An update for libXpm is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments
An update for libXpm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments
An update for libXpm is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments
** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root.
Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.
Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.
Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.