CVE-2022-44617 – libXpm: Runaway loop on width of 0 and enormous height
https://notcve.org/view.php?id=CVE-2022-44617
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. • https://bugzilla.redhat.com/show_bug.cgi?id=2160193 https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28 https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9 https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html https://lists.x.org/archives/xorg-announce/2023-January/003312.html https://access.redhat.com/security/cve/CVE-2022-44617 • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-4883 – libXpm: compression commands depend on $PATH
https://notcve.org/view.php?id=CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. • https://bugzilla.redhat.com/show_bug.cgi?id=2160213 https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669 https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9 https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html https://lists.x.org/archives/xorg-announce/2023-January/003312.html https://access.redhat.com/security/cve/CVE-2022-4883 • CWE-426: Untrusted Search Path •
CVE-2022-46285 – libXpm: Infinite loop on unclosed comments
https://notcve.org/view.php?id=CVE-2022-46285
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root. • http://www.openwall.com/lists/oss-security/2023/10/03/1 http://www.openwall.com/lists/oss-security/2023/10/03/10 https://bugzilla.redhat.com/show_bug.cgi?id=2160092 https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148 https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9 https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html https://lists.x.org/archives/xorg-announce/2023-January/003312.html https://access.redhat.com& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-46341 – X.Org Server ProcXIPassiveUngrabDevice Improper Validation of Array Index Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46341
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIPassiveUngrab accede a la memoria fuera de los límites cuando se invoca con un código clave o un código de botón alto. • https://access.redhat.com/security/cve/CVE-2022-46341 https://bugzilla.redhat.com/show_bug.cgi?id=2151756 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA https://security.gentoo.org/glsa/202305-30 https://ww • CWE-787: Out-of-bounds Write •
CVE-2022-46340 – X.Org Server XTestFakeInput Type Confusion Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46340
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. Se encontró una vulnerabilidad en X.Org. • https://access.redhat.com/security/cve/CVE-2022-46340 https://bugzilla.redhat.com/show_bug.cgi?id=2151755 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP https://lists.fedoraproject.org/archives/list/package-announce% • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •