CVE-2022-4883
Summary
| CVE | CVE-2022-4883 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-07 19:15:00 UTC |
| Updated | 2023-10-17 15:55:00 UTC |
| Description | A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2160213 – (CVE-2022-4883) CVE-2022-4883 libXpm: compression commands depend on $PATH | MISC | bugzilla.redhat.com | |
| [SECURITY] [DLA 3459-1] libxpm security update | MLIST | lists.debian.org | |
| X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15 | MISC | lists.x.org | |
| Issues handling XPM files in libXpm prior to 3.5.15 (!9) · Merge requests · xorg / lib / libXpm · GitLab | MISC | gitlab.freedesktop.org | |
| Fix CVE-2022-4883: compression commands depend on $PATH (515294bb) · Commits · xorg / lib / libXpm · GitLab | MISC | gitlab.freedesktop.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160405 Oracle Enterprise Linux Security Update for libxpm (ELSA-2023-0377)
- 160419 Oracle Enterprise Linux Security Update for libxpm (ELSA-2023-0383)
- 160427 Oracle Enterprise Linux Security Update for libxpm (ELSA-2023-0379)
- 184077 Debian Security Update for libxpm (CVE-2022-4883)
- 199109 Ubuntu Security Notification for libXpm Vulnerabilities (USN-5807-1)
- 199563 Ubuntu Security Notification for libXpm Vulnerabilities (USN-5807-2)
- 241104 Red Hat Update for libxpm (RHSA-2023:0377)
- 241108 Red Hat Update for libxpm (RHSA-2023:0382)
- 241109 Red Hat Update for libxpm (RHSA-2023:0383)
- 241114 Red Hat Update for libxpm (RHSA-2023:0381)
- 241116 Red Hat Update for libxpm (RHSA-2023:0379)
- 241118 Red Hat Update for libxpm (RHSA-2023:0378)
- 241598 Red Hat Update for libxpm (RHSA-2023:0384)
- 241648 Red Hat Update for libxpm (RHSA-2023:0380)
- 257211 CentOS Security Update for libXpm (CESA-2023:0377)
- 283624 Fedora Security Update for libXpm (FEDORA-2023-1bd07375a7)
- 283635 Fedora Security Update for libXpm (FEDORA-2023-49dbeb6b03)
- 296099 Oracle Solaris 11.4 Support Repository Update (SRU) 57.144.3 Missing (CPUAPR2023)
- 354753 Amazon Linux Security Advisory for libXpm : ALAS-2023-1693
- 354782 Amazon Linux Security Advisory for libXpm : ALAS2-2023-1962
- 355068 Amazon Linux Security Advisory for libXpm : AL2012-2023-392
- 355197 Amazon Linux Security Advisory for libXpm : ALAS2023-2023-107
- 377948 Alibaba Cloud Linux Security Update for libxpm (ALINUX2-SA-2023:0003)
- 377954 Alibaba Cloud Linux Security Update for libxpm (ALINUX3-SA-2023:0011)
- 502637 Alpine Linux Security Update for libxpm
- 504114 Alpine Linux Security Update for libxpm
- 6000030 Debian Security Update for libxpm (DLA 3459-1)
- 672739 EulerOS Security Update for libxpm (EulerOS-SA-2023-1475)
- 672742 EulerOS Security Update for libxpm (EulerOS-SA-2023-1450)
- 672794 EulerOS Security Update for libxpm (EulerOS-SA-2023-1556)
- 672816 EulerOS Security Update for libxpm (EulerOS-SA-2023-1531)
- 672863 EulerOS Security Update for libxpm (EulerOS-SA-2023-1615)
- 672927 EulerOS Security Update for libxpm (EulerOS-SA-2023-1762)
- 672939 EulerOS Security Update for libxpm (EulerOS-SA-2023-1784)
- 673059 EulerOS Security Update for libxpm (EulerOS-SA-2023-2158)
- 691091 Free Berkeley Software Distribution (FreeBSD) Security Update for libxpm (38f213b6-8f3d-4067-91ef-bf14de7ba518)
- 753577 SUSE Enterprise Linux Security Update for libXpm (SUSE-SU-2023:0171-1)
- 753580 SUSE Enterprise Linux Security Update for libXpm (SUSE-SU-2023:0165-1)
- 905400 Common Base Linux Mariner (CBL-Mariner) Security Update for libXpm (13248)
- 907539 Common Base Linux Mariner (CBL-Mariner) Security Update for libXpm (13248-1)
- 940888 AlmaLinux Security Update for libXpm (ALSA-2023:0379)
- 940902 AlmaLinux Security Update for libXpm (ALSA-2023:0383)
- 960502 Rocky Linux Security Update for libXpm (RLSA-2023:0379)
- 960631 Rocky Linux Security Update for libXpm (RLSA-2023:0383)