Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-44617

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

Published

2023-02-06T23:15:09.787

Last Modified

2025-03-25T20:15:15.493

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-835

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	x.org	libxpm	< 3.5.15	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=2160193 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28 ([email protected])
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9 ([email protected])
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html ([email protected])
https://lists.x.org/archives/xorg-announce/2023-January/003312.html ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2160193 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28 (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.x.org/archives/xorg-announce/2023-January/003312.html (af854a3a-2127-422b-91ae-364da2661108)