Oracle Linux ELSA-2024-2146
May 02, 2024 - 12:00 a.m.

libXpm security update

2024-05-02 00:00:00
linux.oracle.com
3
security update
libxpm
unix

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6
Confidence: High

EPSS: 0
Percentile: 5.1%

[3.5.13-10]

  • Drop hardening patches from previous version to keep ABI compatibility

[3.5.13-9]

  • CVE-2023-43786 libX11: stack exhaustion from infinite recursion
    in PutSubImage()
  • CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to
    a heap overflow
  • CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
  • CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap
