CVE-2022-46285 : A flaw was found in libXpm. This issue occurs when parsing a file with a comment

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

Published 2023-02-07 19:15:09

Updated 2025-03-25 15:15:16

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-46285

X.org » Libxpm
Versions before (<) 3.5.15
cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-46285

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-46285

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-03-25
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-46285

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: secalert@redhat.com (Secondary)

References for CVE-2022-46285

https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9

Issues handling XPM files in libXpm prior to 3.5.15 (!9) · Merge requests · xorg / lib / libXpm · GitLab

CVEs referencing this url
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148

Fix CVE-2022-46285: Infinite loop on unclosed comments (a3a7c6dc) · Commits · xorg / lib / libXpm · GitLab
https://bugzilla.redhat.com/show_bug.cgi?id=2160092

2160092 – (CVE-2022-46285) CVE-2022-46285 libXpm: Infinite loop on unclosed comments
Issue Tracking;Patch;Third Party Advisory
https://lists.x.org/archives/xorg-announce/2023-January/003312.html

X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html

[SECURITY] [DLA 3459-1] libxpm security update

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2023/10/03/1

oss-security - Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17
http://www.openwall.com/lists/oss-security/2023/10/03/10

oss-security - Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17

Jump to

Vulnerability Details : CVE-2022-46285

Products affected by CVE-2022-46285

Exploit prediction scoring system (EPSS) score for CVE-2022-46285

CVSS scores for CVE-2022-46285

CWE ids for CVE-2022-46285

References for CVE-2022-46285