Description
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
A buffer-overflow vulnerability was found in xterm's set_sixel() function in the 'graphics_sixel.c' file. This flaw allows an attacker to trigger a buffer overflow via crafted text when the sixel-graphics functionality is enabled. This issue causes xterm to crash, affecting the availability of an application, leading to a denial of service.
Report
This vulnerability does not affect Red Hat Enterprise Linux 6, 7, and 8, because our binary RPMs of xterm are not shipped with the sixel-graphics functionality enabled, where the vulnerability is present.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | xterm | Not affected | ||
| Red Hat Enterprise Linux 6 | xterm | Not affected | ||
| Red Hat Enterprise Linux 7 | xterm | Not affected | ||
| Red Hat Enterprise Linux 8 | xterm | Not affected | ||
| Red Hat Enterprise Linux 9 | xterm | Fixed | RHSA-2025:14075 | 19.08.2025 |
Additional information
Status:
EPSS
5.5 Medium
CVSS3