CVE-2023-43788

Name
CVE-2023-43788
Description
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2242248
MISC https://access.redhat.com/security/cve/CVE-2023-43788
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6FARGWN7VWXXWPXYNEEDJLRR3EWFZ3T/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2146
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2217

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:* libxpm >= None < 3.5.17

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libxpm edge-main 3.5.17-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libxpm 3.18-main 3.5.16-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libxpm 3.17-main 3.5.15-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libxpm 3.16-main 3.5.15-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libxpm 3.15-main 3.5.15-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libxpm 3.19-main 3.5.17-r0 Natanael Copa <ncopa@alpinelinux.org> fixed