MiracleLinux 9 : libXpm-3.5.13-10.el9 (AXSA:2024-7916:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7916:01 advisory. libXpm: out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43788 libXpm: out of bounds read on XPM with corrupted colormap CVE-2023-43789...

MiracleLinux 8 : motif-2.3.4-20.el8 (AXSA:2024-8322:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8322:02 advisory. libXpm: out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43788 libXpm: out of bounds read on XPM with corrupted colormap CVE-2023-43789...

EUVD-2022-49103

Malicious code in bioql PyPI...

EUVD-2022-52143

Malicious code in bioql PyPI...

EUVD-2022-47554

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-43788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an...

SUSE CVE-2022-44617

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

...

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVE-2022-44617

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...

libXpm: Runaway loop on width of 0 and enormous height

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...

libXpm: Runaway loop on width of 0 and enormous height

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library...

UBUNTU-CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...