159 matches found
EulerOS Virtualization 3.0.6.6 : libXpm (EulerOS-SA-2023-2430)
According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...
EulerOS Virtualization 3.0.6.0 : libXpm (EulerOS-SA-2023-2253)
According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...
Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2023-2108)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP11 : libXpm (EulerOS-SA-2023-1762)
According to the versions of the libXpm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and c...
FreeBSD : libXpm -- Issues handling XPM files (38f213b6-8f3d-4067-91ef-bf14de7ba518)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 38f213b6-8f3d-4067-91ef-bf14de7ba518 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height,...
Amazon Linux 2023 : libXpm, libXpm-devel (ALAS2023-2023-107)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-107 advisory. A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Deni...
Amazon Linux AMI : libXpm (ALAS-2023-1693)
The version of libXpm installed on the remote host is prior to 3.5.10-2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1693 advisory. A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will b...
Important: libXpm
Issue Overview: A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE-2022-44617 A flaw was found ...
Ubuntu 16.04 ESM : libXpm vulnerabilities (USN-5807-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5807-2 advisory. USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding...
ALPINE-CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CVE-2022-4883
CVE-2022-4883 concerns the libXpm library. When processing files with .Z or .gz extensions, libXpm may invoke external programs to compress/uncompress, using PATH to locate these helpers. This behavior allows a local attacker to cause arbitrary program execution by manipulating PATH. Reported acr...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
Remote Code Execution (RCE)
libxpm is vulnerable to Remote Code Execution (RCE). When processing .Z or .gz file extensions, the library calls external programs to compress and uncompress files. This could allow a malicious user to execute other programs by manipulating the PATH environment variable...
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : libXpm vulnerabilities (USN-5807-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5807-1 advisory. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening...
CVE-2022-38199
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings...
Esri ArcGIS Server Security Vulnerability
Esri ArcGIS Server is a Web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute (Esri), Inc. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 and earlier, which stems from a possible remote file download...
CVE-2021-45492
In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set explicit permissions...
Security advisory: QProcess
Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal. Specifically, the...