Lucene search

UbuntuUSN-6408-1

HistoryOct 03, 2023 - 12:00 a.m.

libXpm vulnerabilities

2023-10-0300:00:00

ubuntu.com

libxpm

ubuntu

vulnerabilities

xpm

image files

remote attacker

denial of service

arbitrary code

memory consumption

cve-2023-43786

cve-2023-43787

cve-2023-43788

cve-2023-43789

alan coopersmith

yair mizrahi

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Releases

Ubuntu 23.04
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS

Packages

libxpm - X11 pixmap library

Details

Yair Mizrahi discovered that libXpm incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could possibly use this issue to consume
memory, leading to a denial of service. (CVE-2023-43786)

Yair Mizrahi discovered that libXpm incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could use this issue to cause libXpm to
crash, leading to a denial of service, or possibly execute arbitrary code.
(CVE-2023-43787)

Alan Coopersmith discovered that libXpm incorrectly handled certain
malformed XPM image files. If a user were tricked into opening a specially
crafted XPM image file, a remote attacker could possibly use this issue to
cause libXpm to crash, leading to a denial of service. (CVE-2023-43788,
CVE-2023-43789)

OSVersionArchitecturePackageVersionFilename
Ubuntu23.04noarchlibxpm4< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu23.04noarchlibxpm-dev< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu23.04noarchlibxpm4-dbgsym< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu23.04noarchxpmutils< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu23.04noarchxpmutils-dbgsym< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu22.04noarchlibxpm4< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Ubuntu22.04noarchlibxpm-dev< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Ubuntu22.04noarchlibxpm4-dbgsym< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Ubuntu22.04noarchxpmutils< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Ubuntu22.04noarchxpmutils-dbgsym< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	23.04	noarch	libxpm4	< 1:3.5.12-1.1ubuntu0.1	UNKNOWN
Ubuntu	23.04	noarch	libxpm-dev	< 1:3.5.12-1.1ubuntu0.1	UNKNOWN
Ubuntu	23.04	noarch	libxpm4-dbgsym	< 1:3.5.12-1.1ubuntu0.1	UNKNOWN
Ubuntu	23.04	noarch	xpmutils	< 1:3.5.12-1.1ubuntu0.1	UNKNOWN
Ubuntu	23.04	noarch	xpmutils-dbgsym	< 1:3.5.12-1.1ubuntu0.1	UNKNOWN
Ubuntu	22.04	noarch	libxpm4	< 1:3.5.12-1ubuntu0.22.04.2	UNKNOWN
Ubuntu	22.04	noarch	libxpm-dev	< 1:3.5.12-1ubuntu0.22.04.2	UNKNOWN
Ubuntu	22.04	noarch	libxpm4-dbgsym	< 1:3.5.12-1ubuntu0.22.04.2	UNKNOWN
Ubuntu	22.04	noarch	xpmutils	< 1:3.5.12-1ubuntu0.22.04.2	UNKNOWN
Ubuntu	22.04	noarch	xpmutils-dbgsym	< 1:3.5.12-1ubuntu0.22.04.2	UNKNOWN