Oracle Linux: ELSA-2024-2974
May 23, 2024 - 12:00 a.m.

libXpm security update

linux.oracle.com

CVSS3: 5.5

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.9 (Confidence: Low)

EPSS: 0 (Percentile: 5.1%)

[3.5.12-11]

  • Drop hardening patches from previous version to keep ABI compatibility

[3.5.12-10]

  • CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage()
  • CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow
  • CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
  • CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap
