Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-4883

Опубликовано: 07 фев. 2023
Источник: debian
EPSS Низкий

Описание

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libxpmfixed1:3.5.12-1.1package
libxpmfixed1:3.5.12-1.1~deb11u1bullseyepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2023/01/17/2

  • https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff916696d0a14308ff4f3a376 (libXpm-3.5.15)

  • https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/8178eb0834d82242e1edbc7d4fb0d1b397569c68 (libXpm-3.5.15)

EPSS

Процентиль: 39%
0.00171
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-4883

CVSS3: 8.8
ubuntu
больше 2 лет назад

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

redhat логотип

CVE-2022-4883

CVSS3: 8.1
redhat
больше 2 лет назад

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

nvd логотип

CVE-2022-4883

CVSS3: 8.8
nvd
больше 2 лет назад

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

github логотип

GHSA-75px-q76w-83rc

CVSS3: 8.8
github
больше 2 лет назад

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

oracle-oval логотип

ELSA-2023-0377

oracle-oval
больше 2 лет назад

ELSA-2023-0377: libXpm security update (IMPORTANT)

EPSS

Процентиль: 39%
0.00171
Низкий