CVE-2023-43788
published 2023-10-10CVE-2023-43788: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxpm | < libxpm 1:3.5.12-1.1+deb12u1 (bookworm) | libxpm 1:3.5.12-1.1+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_libxpm_3.5.17-1_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| x.org | libxpm | < 3.5.17 | 3.5.17 |
| x.org | libxpm | >= 0 < 1:3.5.12-1.1+deb11u1 | 1:3.5.12-1.1+deb11u1 |
| x.org | libxpm | >= 0 < 1:3.5.12-1.1+deb12u1 | 1:3.5.12-1.1+deb12u1 |
| x.org | libxpm | >= 0 < 1:3.5.17-1 | 1:3.5.17-1 |
| x.org | libxpm | >= 0 < 1:3.5.17-1 | 1:3.5.17-1 |
| x.org | libxpm | >= 0 < 1:3.5.12-1ubuntu0.20.04.2 | 1:3.5.12-1ubuntu0.20.04.2 |
| x.org | libxpm | >= 0 < 1:3.5.12-1ubuntu0.22.04.2 | 1:3.5.12-1ubuntu0.22.04.2 |
| x.org | libxpm | >= 0 < 1:3.5.10-1ubuntu0.1+esm2 | 1:3.5.10-1ubuntu0.1+esm2 |
| x.org | libxpm | >= 0 < 1:3.5.11-1ubuntu0.16.04.1+esm2 | 1:3.5.11-1ubuntu0.16.04.1+esm2 |
| x.org | libxpm | >= 0 < 1:3.5.12-1ubuntu0.18.04.2+esm1 | 1:3.5.12-1ubuntu0.18.04.2+esm1 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv5.5MEDIUM