Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

Published

2023-02-07T19:15:09.223

Last Modified

2025-03-20T20:15:26.757

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-426

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	x.org	libxpm	< 3.5.15	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=2160213 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669 ([email protected])
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9 ([email protected])
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html ([email protected])
https://lists.x.org/archives/xorg-announce/2023-January/003312.html ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2160213 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669 (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.x.org/archives/xorg-announce/2023-January/003312.html (af854a3a-2127-422b-91ae-364da2661108)