
Advisory ROSA-SA-2023-2259

2023-10-21 16:53:40
ROSA LAB
abf.rosalinux.ru
libxpm 3.5.14
rosa-chrome
input validation
denial of service
remote attacker
vulnerability
xpm library
command execution
elevated privileges
update command

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.1
Confidence: High

EPSS: 0.008
Percentile: 82.0%

software: libxpm 3.5.14
OS: ROSA-CHROME

package_evr_string: libxpm-3.5.14-2.src.rpm

CVE-ID: CVE-2022-44617
BDU-ID: 2023-00389
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ParsePixels() function of the X Pixmap (XPM) image file library libXpm is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using a specially crafted XPM file with the width set to 0.
CVE-STATUS: Resolved
CVE-REV: To remediate, run the command: sudo dnf update libxpm

CVE-ID: CVE-2022-46285
BDU-ID: 2023-00390
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ParseComment() function of the X Pixmap (XPM) image file library libXpm is related to an infinite loop when processing unclosed comments. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using a specially crafted XPM file.
CVE-STATUS: Resolved
CVE-REV: To remediate, run the command: sudo dnf update libxpm

CVE-ID: CVE-2022-4883
BDU-ID: 2023-00388
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the X Pixmap (XPM) image file library libXpm is related to the fact that the library uses the $PATH variable to run a command responsible for unpacking .Z or .gz files. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update libxpm

OS    Version  Architecture  Package  Version   Filename
ROSA  any      noarch        libxpm   < 3.5.14  UNKNOWN
