Lucene search

K
ubuntuUbuntuUSN-6408-2
HistoryOct 23, 2023 - 12:00 a.m.

libXpm vulnerabilities

2023-10-2300:00:00
ubuntu.com
29
ubuntu
libxpm
vulnerabilities
denial of service
xpm
image files
remote attacker
memory consumption
arbitrary code
esm
advisory

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0

Percentile

5.1%

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • libxpm - X11 pixmap library

Details

USN-6408-1 fixed several vulnerabilities in libXpm. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Yair Mizrahi discovered that libXpm incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could possibly use this issue to consume
memory, leading to a denial of service. (CVE-2023-43786)

Yair Mizrahi discovered that libXpm incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could use this issue to cause libXpm to
crash, leading to a denial of service, or possibly execute arbitrary code.
(CVE-2023-43787)

Alan Coopersmith discovered that libXpm incorrectly handled certain
malformed XPM image files. If a user were tricked into opening a specially
crafted XPM image file, a remote attacker could possibly use this issue to
cause libXpm to crash, leading to a denial of service. (CVE-2023-43788,
CVE-2023-43789)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlibxpm4< 1:3.5.12-1ubuntu0.18.04.2+esm1UNKNOWN
Ubuntu18.04noarchlibxpm-dev< 1:3.5.12-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchlibxpm4< 1:3.5.12-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchlibxpm4-dbgsym< 1:3.5.12-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchxpmutils< 1:3.5.12-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchxpmutils-dbgsym< 1:3.5.12-1ubuntu0.18.04.2UNKNOWN
Ubuntu16.04noarchlibxpm4< 1:3.5.11-1ubuntu0.16.04.1+esm2UNKNOWN
Ubuntu16.04noarchlibxpm-dev< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibxpm-dev-dbgsym< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Ubuntu16.04noarchlibxpm4< 1:3.5.11-1ubuntu0.16.04.1UNKNOWN
Rows per page:
1-10 of 221

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0

Percentile

5.1%