Lucene search

K
ubuntuUbuntuUSN-5807-2
HistoryFeb 21, 2023 - 12:00 a.m.

libXpm vulnerabilities

2023-02-2100:00:00
ubuntu.com
23

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Releases

  • Ubuntu 16.04 ESM

Packages

  • libxpm - X11 pixmap library

Details

USN-5807-1 fixed vulnerabilities in libXpm. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Martin Ettl discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-44617)

Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-46285)

Alan Coopersmith discovered that libXpm incorrectly handled calling
external helper binaries. If libXpm was being used by a setuid binary, a
local attacker could possibly use this issue to escalate privileges.
(CVE-2022-4883)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchxpmutils< 1:3.5.11-1ubuntu0.16.04.1+esm1UNKNOWN
Ubuntu16.04noarchlibxpm-dev< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibxpm-dev-dbgsym< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibxpm4< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibxpm4-dbg< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibxpm4-dbgsym< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchxpmutils< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchxpmutils-dbgsym< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibxpm4< 1:3.5.11-1ubuntu0.16.04.1+esm1UNKNOWN

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P