CVE-2022-46285

Name
CVE-2022-46285
Description
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2160092
MISC https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148
MISC https://lists.x.org/archives/xorg-announce/2023-January/003312.html
MISC https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9
MLIST https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html
MLIST http://www.openwall.com/lists/oss-security/2023/10/03/1
MLIST http://www.openwall.com/lists/oss-security/2023/10/03/10

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:* libxpm >= None < 3.5.15

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libxpm 3.17-main 3.5.15-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libxpm 3.16-main 3.5.15-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libxpm 3.15-main 3.5.15-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libxpm 3.14-main 3.5.15-r0 Natanael Copa <ncopa@alpinelinux.org> fixed