PT-2023-6817
Name of the Vulnerable Software and Affected Versions curl versions prior to 7.88.0 Description A flaw in the "chained" HTTP compression algorithms in curl allows a malicious server to insert a virtually unlimited number of compression steps by using many headers, potentially resulting in a denia...
UBUNTU-CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...
A flaw was found in libXpm. When processing files with .Z or .gz extensions the library calls external programs to compress and uncompress files relying on the PATH environment variable to find these programs which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
ALPINE-CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CentOS: Security Advisory for libXpm (CESA-2023:0377)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
libXpm security update
CentOS Errata and Security Advisory CESA-2023:0377 An update for libXpm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CentOS 7 : libXpm (RHSA-2023:0377)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0377 advisory. - A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on...
EulerOS Virtualization 3.0.2.2 : zlib (EulerOS-SA-2023-1305)
According to the versions of the zlib packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...
Fedora 36 : libXpm (2023-49dbeb6b03)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-49dbeb6b03 advisory. libXpm 3.5.15, fixes CVE-2022-46285, CVE-2022-44617, CVE-2022-4883 Tenable has extracted the preceding description block directly from the Fedora...
AlmaLinux 9 : libXpm (ALSA-2023:0383)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0383 advisory. - libXpm: compression commands depend on $PATH CVE-2022-4883 - libXpm: Runaway loop on width of 0 and enormous height CVE-2022-44617 - libXpm: Infinite lo...
libXpm security update
3.5.12-9 - Fix CVE-2022-46285: infinite loop on unclosed comments 2161800 - Fix CVE-2022-44617: runaway loop with width of 0 2161808 - Fix CVE-2022-4883: compression depends on /usr/local/bin:/usr/bin 2160238...
RHEL 7 : libXpm (RHSA-2023:0377)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0377 advisory. The libXpm packages contain the X Pixmap parser library. Security Fixes: libXpm: compression commands depend on $PATH CVE-2022-4883 For more details...
Oracle Linux 9 : libXpm (ELSA-2023-0383)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0383 advisory. - Fix CVE-2022-46285: infinite loop on unclosed comments 2160230 - Fix CVE-2022-44617: runaway loop with width of 0 2160232 Tenable has extracted the...
Oracle Linux 7 : libXpm (ELSA-2023-0377)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0377 advisory. 3.5.12-2 - Fix CVE-2022-4883: compression commands depends on /usr/local/bin:/usr/bin 2161715 Tenable has extracted the preceding description block directly fro...
RHEL 9 : libXpm (RHSA-2023:0381)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0381 advisory. X.Org X11 libXpm runtime library. Security Fixes: libXpm: compression commands depend on $PATH CVE-2022-4883 libXpm: Runaway loop on width o...
Important: Red Hat Security Advisory: libXpm security update
An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
libXpm: compression commands depend on $PATH
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
libXpm: compression commands depend on $PATH
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
Important: Red Hat Security Advisory: libXpm security update
An update for libXpm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
libXpm: compression commands depend on $PATH
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...