{"api_version":"1","generated_at":"2026-04-22T22:49:55+00:00","cve":"CVE-2022-4883","urls":{"html":"https://cve.report/CVE-2022-4883","api":"https://cve.report/api/cve/CVE-2022-4883.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-4883","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-4883"},"summary":{"title":"CVE-2022-4883","description":"A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-02-07 19:15:00","updated_at":"2023-10-17 15:55:00"},"problem_types":["CWE-426"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160213","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2160213","refsource":"MISC","tags":[],"title":"2160213 – (CVE-2022-4883) CVE-2022-4883 libXpm: compression commands depend on $PATH","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html","name":"[debian-lts-announce] 20230620 [SECURITY] [DLA 3459-1] libxpm security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3459-1] libxpm security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.x.org/archives/xorg-announce/2023-January/003312.html","name":"https://lists.x.org/archives/xorg-announce/2023-January/003312.html","refsource":"MISC","tags":[],"title":"X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9","name":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9","refsource":"MISC","tags":[],"title":"Issues handling XPM files in libXpm prior to 3.5.15 (!9) · Merge requests · xorg / lib / libXpm · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669","name":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669","refsource":"MISC","tags":[],"title":"Fix CVE-2022-4883: compression commands depend on $PATH (515294bb) · Commits · xorg / lib / libXpm · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-4883","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4883","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"4883","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libxpm_project","cpe5":"libxpm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"4883","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"libxpm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-4883","qid":"160405","title":"Oracle Enterprise Linux Security Update for libxpm (ELSA-2023-0377)"},{"cve":"CVE-2022-4883","qid":"160419","title":"Oracle Enterprise Linux Security Update for libxpm (ELSA-2023-0383)"},{"cve":"CVE-2022-4883","qid":"160427","title":"Oracle Enterprise Linux Security Update for libxpm (ELSA-2023-0379)"},{"cve":"CVE-2022-4883","qid":"184077","title":"Debian Security Update for libxpm (CVE-2022-4883)"},{"cve":"CVE-2022-4883","qid":"199109","title":"Ubuntu Security Notification for libXpm Vulnerabilities (USN-5807-1)"},{"cve":"CVE-2022-4883","qid":"199563","title":"Ubuntu Security Notification for libXpm Vulnerabilities (USN-5807-2)"},{"cve":"CVE-2022-4883","qid":"241104","title":"Red Hat Update for libxpm (RHSA-2023:0377)"},{"cve":"CVE-2022-4883","qid":"241108","title":"Red Hat Update for libxpm (RHSA-2023:0382)"},{"cve":"CVE-2022-4883","qid":"241109","title":"Red Hat Update for libxpm (RHSA-2023:0383)"},{"cve":"CVE-2022-4883","qid":"241114","title":"Red Hat Update for libxpm (RHSA-2023:0381)"},{"cve":"CVE-2022-4883","qid":"241116","title":"Red Hat Update for libxpm (RHSA-2023:0379)"},{"cve":"CVE-2022-4883","qid":"241118","title":"Red Hat Update for libxpm (RHSA-2023:0378)"},{"cve":"CVE-2022-4883","qid":"241598","title":"Red Hat Update for libxpm (RHSA-2023:0384)"},{"cve":"CVE-2022-4883","qid":"241648","title":"Red Hat Update for libxpm (RHSA-2023:0380)"},{"cve":"CVE-2022-4883","qid":"257211","title":"CentOS Security Update for libXpm (CESA-2023:0377)"},{"cve":"CVE-2022-4883","qid":"283624","title":"Fedora Security Update for libXpm (FEDORA-2023-1bd07375a7)"},{"cve":"CVE-2022-4883","qid":"283635","title":"Fedora Security Update for libXpm (FEDORA-2023-49dbeb6b03)"},{"cve":"CVE-2022-4883","qid":"296099","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 57.144.3 Missing (CPUAPR2023)"},{"cve":"CVE-2022-4883","qid":"354753","title":"Amazon Linux Security Advisory for libXpm : ALAS-2023-1693"},{"cve":"CVE-2022-4883","qid":"354782","title":"Amazon Linux Security Advisory for libXpm : ALAS2-2023-1962"},{"cve":"CVE-2022-4883","qid":"355068","title":"Amazon Linux Security Advisory for libXpm : AL2012-2023-392"},{"cve":"CVE-2022-4883","qid":"355197","title":"Amazon Linux Security Advisory for libXpm : ALAS2023-2023-107"},{"cve":"CVE-2022-4883","qid":"377948","title":"Alibaba Cloud Linux Security Update for libxpm (ALINUX2-SA-2023:0003)"},{"cve":"CVE-2022-4883","qid":"377954","title":"Alibaba Cloud Linux Security Update for libxpm (ALINUX3-SA-2023:0011)"},{"cve":"CVE-2022-4883","qid":"502637","title":"Alpine Linux Security Update for libxpm"},{"cve":"CVE-2022-4883","qid":"504114","title":"Alpine Linux Security Update for libxpm"},{"cve":"CVE-2022-4883","qid":"6000030","title":"Debian Security Update for libxpm (DLA 3459-1)"},{"cve":"CVE-2022-4883","qid":"672739","title":"EulerOS Security Update for libxpm (EulerOS-SA-2023-1475)"},{"cve":"CVE-2022-4883","qid":"672742","title":"EulerOS Security Update for libxpm (EulerOS-SA-2023-1450)"},{"cve":"CVE-2022-4883","qid":"672794","title":"EulerOS Security Update for libxpm (EulerOS-SA-2023-1556)"},{"cve":"CVE-2022-4883","qid":"672816","title":"EulerOS Security Update for libxpm (EulerOS-SA-2023-1531)"},{"cve":"CVE-2022-4883","qid":"672863","title":"EulerOS Security Update for libxpm (EulerOS-SA-2023-1615)"},{"cve":"CVE-2022-4883","qid":"672927","title":"EulerOS Security Update for libxpm (EulerOS-SA-2023-1762)"},{"cve":"CVE-2022-4883","qid":"672939","title":"EulerOS Security Update for libxpm (EulerOS-SA-2023-1784)"},{"cve":"CVE-2022-4883","qid":"673059","title":"EulerOS Security Update for libxpm (EulerOS-SA-2023-2158)"},{"cve":"CVE-2022-4883","qid":"691091","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for libxpm (38f213b6-8f3d-4067-91ef-bf14de7ba518)"},{"cve":"CVE-2022-4883","qid":"753577","title":"SUSE Enterprise Linux Security Update for libXpm (SUSE-SU-2023:0171-1)"},{"cve":"CVE-2022-4883","qid":"753580","title":"SUSE Enterprise Linux Security Update for libXpm (SUSE-SU-2023:0165-1)"},{"cve":"CVE-2022-4883","qid":"905400","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libXpm (13248)"},{"cve":"CVE-2022-4883","qid":"907539","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libXpm (13248-1)"},{"cve":"CVE-2022-4883","qid":"940888","title":"AlmaLinux Security Update for libXpm (ALSA-2023:0379)"},{"cve":"CVE-2022-4883","qid":"940902","title":"AlmaLinux Security Update for libXpm (ALSA-2023:0383)"},{"cve":"CVE-2022-4883","qid":"960502","title":"Rocky Linux Security Update for libXpm (RLSA-2023:0379)"},{"cve":"CVE-2022-4883","qid":"960631","title":"Rocky Linux Security Update for libXpm (RLSA-2023:0383)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-4883","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"libXpm","version":{"version_data":[{"version_value":"3.5.15"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-426"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2160213","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160213"},{"refsource":"MISC","name":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9","url":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9"},{"refsource":"MISC","name":"https://lists.x.org/archives/xorg-announce/2023-January/003312.html","url":"https://lists.x.org/archives/xorg-announce/2023-January/003312.html"},{"refsource":"MISC","name":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669","url":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230620 [SECURITY] [DLA 3459-1] libxpm security update","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable."}]}},"nvd":{"publishedDate":"2023-02-07 19:15:00","lastModifiedDate":"2023-10-17 15:55:00","problem_types":["CWE-426"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.15","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}