CVE-2022-44617 — Improper Input Validation in Libxpm

CWE-20 — Improper Input Validation CWE-835 — Infinite Loop13 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 77.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libxpm

Timeline

PublishedFeb 6

Latest updateFeb 21

Description

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDx.org/libxpm< 3.5.15

▶Debianx.org/libxpm< 1:3.5.12-1.1~deb11u1+3

▶Ubuntux.org/libxpm< 1:3.5.12-1ubuntu0.18.04.2+3

▶CVEListV5x.org/libxpm3.5.15

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

libxpm vulnerabilities↗2023-02-21

▶

GHSA

GHSA-xwjc-m85h-pr32: A flaw was found in libXpm↗2023-02-07

▶

OSV

CVE-2022-44617: A flaw was found in libXpm↗2023-02-06

▶

CVEList

CVE-2022-44617: A flaw was found in libXpm↗2023-02-06

▶

OSV

libxpm vulnerabilities↗2023-01-17

▶

📋Vendor Advisories

Ubuntu

libXpm vulnerabilities↗2023-02-21

▶

Microsoft

A flaw was found in libXpm. When processing a file with width of 0 and a very large height some parser functions will be called repeatedly and can lead to an infinite loop resulting in a Denial of Ser↗2023-02-14

▶

BSD

OpenBSD 7.1 Errata 019: SECURITY FIX↗2023-01-17

▶

BSD

OpenBSD 7.2 Errata 014: SECURITY FIX↗2023-01-17

▶

Red Hat

libXpm: Runaway loop on width of 0 and enormous height↗2023-01-17

▶