Lucene search

K
ubuntuUbuntuUSN-6408-1
HistoryOct 03, 2023 - 12:00 a.m.

libXpm vulnerabilities

2023-10-0300:00:00
ubuntu.com
41
libxpm
ubuntu
vulnerabilities
xpm
image files
remote attacker
denial of service
arbitrary code
memory consumption
cve-2023-43786
cve-2023-43787
cve-2023-43788
cve-2023-43789
alan coopersmith
yair mizrahi

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0

Percentile

5.1%

Releases

  • Ubuntu 23.04
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • libxpm - X11 pixmap library

Details

Yair Mizrahi discovered that libXpm incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could possibly use this issue to consume
memory, leading to a denial of service. (CVE-2023-43786)

Yair Mizrahi discovered that libXpm incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could use this issue to cause libXpm to
crash, leading to a denial of service, or possibly execute arbitrary code.
(CVE-2023-43787)

Alan Coopersmith discovered that libXpm incorrectly handled certain
malformed XPM image files. If a user were tricked into opening a specially
crafted XPM image file, a remote attacker could possibly use this issue to
cause libXpm to crash, leading to a denial of service. (CVE-2023-43788,
CVE-2023-43789)

OSVersionArchitecturePackageVersionFilename
Ubuntu23.04noarchlibxpm4< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu23.04noarchlibxpm-dev< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu23.04noarchlibxpm4-dbgsym< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu23.04noarchxpmutils< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu23.04noarchxpmutils-dbgsym< 1:3.5.12-1.1ubuntu0.1UNKNOWN
Ubuntu22.04noarchlibxpm4< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Ubuntu22.04noarchlibxpm-dev< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Ubuntu22.04noarchlibxpm4-dbgsym< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Ubuntu22.04noarchxpmutils< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Ubuntu22.04noarchxpmutils-dbgsym< 1:3.5.12-1ubuntu0.22.04.2UNKNOWN
Rows per page:
1-10 of 151

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0

Percentile

5.1%