PT-2023-1171 · Libxpm+10 · Libxpm+10

Alan Coopersmith

·

Publicado

2023-01-17

·

Atualizado

2025-03-20

·

CVE-2022-4883

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libXpm (affected versions not specified)
Description A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. This could potentially allow an attacker to execute arbitrary code with elevated privileges.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

ALSA-2023:0379
ALSA-2023:0383
ALT-PU-2023-1069
ALT-PU-2023-1191
ALT-PU-2023-1199
ALT-PU-2023-6469
AZL-13248
BDU:2023-00388
CESA-2023_0377
CESA-2023_0379
CVE-2022-4883
DLA-3459-1
MGASA-2023-0031
OESA-2023-1078
OPENSUSE-SU-2023_0171-1
OPENSUSE-SU-2024:12617-1
RHSA-2023:0377
RHSA-2023:0378
RHSA-2023:0379
RHSA-2023:0380
RHSA-2023:0381
RHSA-2023:0382
RHSA-2023:0383
RHSA-2023:0384
RHSA-2023_0377
RHSA-2023_0379
RHSA-2023_0383
RLSA-2023:0379
RLSA-2023:0383
ROSA-SA-2023-2096
ROSA-SA-2023-2259
SUSE-SU-2023:0165-1
SUSE-SU-2023:0171-1
USN-5807-1
USN-5807-2

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libxpm