First published: Tue Oct 03 2023
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
X.org Libxpm | <3.5.17 | |
Fedoraproject Fedora | =38 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
redhat/libXpm | <3.5.17 | 3.5.17 |
debian/libxpm | <=1:3.5.12-1 | 1:3.5.12-1+deb10u2 1:3.5.12-1.1+deb11u1 1:3.5.12-1.1+deb12u1 1:3.5.17-1 |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =39 | |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.18.04.2+ | 1:3.5.12-1ubuntu0.18.04.2+ |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.20.04.2 | 1:3.5.12-1ubuntu0.20.04.2 |
ubuntu/libxpm | <1:3.5.12-1ubuntu0.22.04.2 | 1:3.5.12-1ubuntu0.22.04.2 |
ubuntu/libxpm | <1:3.5.12-1.1ubuntu0.1 | 1:3.5.12-1.1ubuntu0.1 |
ubuntu/libxpm | <1:3.5.12-1.1ubuntu1 | 1:3.5.12-1.1ubuntu1 |
ubuntu/libxpm | <1:3.5.10-1ubuntu0.1+ | 1:3.5.10-1ubuntu0.1+ |
ubuntu/libxpm | <3.5.17 | 3.5.17 |
ubuntu/libxpm | <1:3.5.11-1ubuntu0.16.04.1+ | 1:3.5.11-1ubuntu0.16.04.1+ |
The severity of CVE-2023-43788 is not specified.
To fix CVE-2023-43788, update the affected software to version 3.5.17 or higher.
The source of CVE-2023-43788 is libXpm.
You can find more information about CVE-2023-43788 on the following websites: CVE Mitre (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43788), Ubuntu Security Notices (https://ubuntu.com/security/notices/USN-6408-1), and NVD NIST (https://nvd.nist.gov/vuln/detail/CVE-2023-43788).