CVE-2022-44617

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-44617
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2160193 Issue Tracking Patch Third Party Advisory
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html
https://lists.x.org/archives/xorg-announce/2023-January/003312.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*
History

17 Oct 2023, 15:55

Type Values Removed Values Added
First Time X.org libxpm
X.org
CPE cpe:2.3:a:libxpm_project:libxpm:*:*:*:*:*:*:*:* cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*

20 Jun 2023, 14:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html -
Information

Published : 2023-02-06 23:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-44617

Mitre link : CVE-2022-44617

CVE.ORG link : CVE-2022-44617

JSON object : View

Products Affected

x.org

  • libxpm
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-20

Improper Input Validation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024