CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
82.0%
software: libxpm 3.5.14
OS: ROSA-CHROME
package_evr_string: libxpm-3.5.14-2.src.rpm
CVE-ID: CVE-2022-44617
BDU-ID: 2023-00389
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ParsePixels () function of the X Pixmap image file library (XPM) libXpm is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted XPM file with the width set to 0
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update libxpm
CVE-ID: CVE-2022-46285
BDU-ID: 2023-00390
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ParseComment() function of the X Pixmap Picture File (XPM) library libXpm is related to an infinite loop when processing unclosed comments. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted XPM file
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update libxpm
CVE-ID: CVE-2022-4883
BDU-ID: 2023-00388
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the X Pixmap image file library (XPM) libXpm is related to the fact that the library uses the $PATH variable to run a command responsible for unpacking .Z or .gz files. Exploiting the vulnerability could allow an attacker to execute arbitrary code with elevated privileges
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libxpm
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
82.0%