First published: Wed Jan 11 2023
A flaw was found in libXpm. When parsing a file with an unclosed comment, the end-of-file condition is not detected, leading to an infinite loop and a Denial of Service in the application linked to the library.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libXpm | <3.5.15 | 3.5.15 |
ubuntu/libxpm | <1:3.5.11-1ubuntu0.16.04.1+ | 1:3.5.11-1ubuntu0.16.04.1+ |
ubuntu/libxpm | <1:3.5.10-1ubuntu0.1+ | 1:3.5.10-1ubuntu0.1+ |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.18.04.2 | 1:3.5.12-1ubuntu0.18.04.2 |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.20.04.1 | 1:3.5.12-1ubuntu0.20.04.1 |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.22.04.1 | 1:3.5.12-1ubuntu0.22.04.1 |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.22.10.1 | 1:3.5.12-1ubuntu0.22.10.1 |
ubuntu/libxpm | <3.5.15 | 3.5.15 |
ubuntu/libxpm | <1:3.5.12-1ubuntu1 | 1:3.5.12-1ubuntu1 |
X.org Libxpm | <3.5.15 | |
debian/libxpm | <=1:3.5.12-1 | 1:3.5.12-1+deb10u2 1:3.5.12-1.1~deb11u1 1:3.5.12-1.1+deb11u1 1:3.5.12-1.1+deb12u1 1:3.5.17-1 |
CVE-2022-46285 is a vulnerability in libXpm that can lead to a Denial of Service (DoS) attack due to an infinite loop caused by parsing a file with an unclosed comment.
CVE-2022-46285 can cause a Denial of Service (DoS) in the application linked to libXpm.
CVE-2022-46285 has a severity rating of 7.5, which is classified as high.
Versions 1:3.5.11-1ubuntu0.16.04.1+ to 1:3.5.12-1ubuntu0.22.10.1 of libXpm are affected by CVE-2022-46285.
To fix CVE-2022-46285, it is recommended to update libXpm to version 3.5.15 or apply the specific remedies provided by the respective distribution or vendor.
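Where an update cannot be applied immediately, untrusted XPM input can be screened for the unclosed-comment condition before it reaches the library. The following C pre-filter is an added example, not code from libXpm or from this advisory; `xpm_scan_comments`, the enum and the sample buffers are constructed for illustration, and it assumes XPM3 C-style syntax in which `/*` inside a double-quoted string is data rather than a comment opener.

```c
#include <stddef.h>
#include <stdio.h>

enum xpm_scan { XPM_SCAN_OK = 0, XPM_SCAN_UNCLOSED_COMMENT = 1 };

/* Hypothetical pre-filter (not part of libXpm): one pass over the buffer,
 * reporting whether a comment is still open when the input ends. Every
 * step is bounded by len, so end-of-input always terminates the scan.
 * Assumption: slash-star inside a quoted string is pixel or colour data. */
enum xpm_scan xpm_scan_comments(const char *buf, size_t len)
{
    int in_string = 0, in_comment = 0;
    size_t i = 0;

    while (i < len) {
        char c = buf[i];
        int pair = (i + 1 < len);            /* a second byte is available */
        if (in_comment) {
            if (c == '*' && pair && buf[i + 1] == '/') {
                in_comment = 0; i += 2; continue;
            }
        } else if (in_string) {
            if (c == '\\' && pair) { i += 2; continue; }  /* skip escaped byte */
            if (c == '"') in_string = 0;
        } else if (c == '"') {
            in_string = 1;
        } else if (c == '/' && pair && buf[i + 1] == '*') {
            in_comment = 1; i += 2; continue;
        }
        i++;
    }
    return in_comment ? XPM_SCAN_UNCLOSED_COMMENT : XPM_SCAN_OK;
}

/* Constructed samples: well-formed, unclosed comment, slash-star as pixel code. */
static const char sample_ok[] =
    "/* XPM */\nstatic char *img[] = {\n\"1 1 1 1\",\n\"/ c #000000\",\n\"/\"\n};\n";
static const char sample_open[] =
    "/* XPM */\nstatic char *img[] = {\n/* never closed\n\"1 1 1 1\",\n";
static const char sample_str[] =
    "/* XPM */\nstatic char *img[] = {\n\"2 1 1 2\",\n\"/* c #ffffff\",\n\"/*\"\n};\n";

int main(void)
{
    printf("ok=%d open=%d str=%d\n",
           xpm_scan_comments(sample_ok, sizeof sample_ok - 1),
           xpm_scan_comments(sample_open, sizeof sample_open - 1),
           xpm_scan_comments(sample_str, sizeof sample_str - 1));
    return 0;
}
```

A file that returns `XPM_SCAN_UNCLOSED_COMMENT` should be rejected rather than passed to an unpatched libXpm; the check is a stopgap and does not replace updating to a fixed version.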