Vulnerability Details : CVE-2022-44617
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
Vulnerability category: Input validation; Denial of service
Products affected by CVE-2022-44617
- cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-44617
EPSS score: 0.17% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~54% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2022-44617
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2022-44617
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  - Assigned by: secalert@redhat.com (Secondary)
- The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
  - Assigned by: nvd@nist.gov (Primary)
  - Assigned by: secalert@redhat.com (Secondary)
References for CVE-2022-44617
- https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9
  Issues handling XPM files in libXpm prior to 3.5.15 (!9) · Merge requests · xorg / lib / libXpm · GitLab
- https://lists.x.org/archives/xorg-announce/2023-January/003312.html
  X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15
- https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html
  [SECURITY] [DLA 3459-1] libxpm security update
- https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28
  Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height (f80fa6ae) · Commits · xorg / lib / libXpm · GitLab
- https://bugzilla.redhat.com/show_bug.cgi?id=2160193
  2160193 – (CVE-2022-44617) CVE-2022-44617 libXpm: Runaway loop on width of 0 and enormous height (Issue Tracking; Patch; Third Party Advisory)