CVE-2022-46285Infinite Loop in Libxpm

CWE-835Infinite Loop15 documents9 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 71.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
X.org Libxpm
Timeline
PublishedFeb 7
Latest updateJul 26

Description

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDx.org/libxpm< 3.5.15
Debianx.org/libxpm< 1:3.5.12-1.1~deb11u1+3
Ubuntux.org/libxpm< 1:3.5.10-1ubuntu0.1+esm1
CVEListV5x.org/libxpm3.5.15

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

6
OSV
libxpm vulnerability2023-07-26
OSV
libxpm vulnerabilities2023-02-21
CVEList
CVE-2022-46285: A flaw was found in libXpm2023-02-07
OSV
CVE-2022-46285: A flaw was found in libXpm2023-02-07
GHSA
GHSA-x5vr-48jx-h8wp: A flaw was found in libXpm2023-02-07

📋Vendor Advisories

8
Ubuntu
libXpm vulnerability2023-07-26
Ubuntu
libXpm vulnerabilities2023-02-21
Microsoft
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected leading to an infinite loop and resulting in a Denial of Ser2023-02-14
BSD
OpenBSD 7.1 Errata 019: SECURITY FIX2023-01-17
Red Hat
libXpm: Infinite loop on unclosed comments2023-01-17
CVE-2022-46285 — Infinite Loop in X.org Libxpm | cvebase