May 02, 2024 - 9:11 a.m.

Advisory ROSA-SA-2024-2412

2024-05-02 09:11:55
ROSA LAB
abf.rosalinux.ru

CVSS3: 5.5
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.5
Confidence: Low

EPSS: 0
Percentile: 5.1%

software: libxpm 3.5.17
OS: ROSA-CHROME

package_evr_string: libxpm-3.5.17-1

CVE-ID: CVE-2023-43788
BDU-ID: 2023-06887
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the XpmCreateXpmImageFromBuffer() function of the libXpm X Pixmap (XPM) image file library allows data to be read beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update libxpm

CVE-ID: CVE-2023-43789
BDU-ID: 2023-06927
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libXpm image file manipulation library allows an out-of-bounds memory read. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update libxpm

OS    OS version  Architecture  Package  Package version  Filename
ROSA  any         noarch        libxpm   < 3.5.17         UNKNOWN