PT-2022-6590 · Xterm+6

Tavis Ormandy

·

Published

2022-01-31

·

Updated

2025-08-20

·

CVE-2022-24130

CVSS v3.1

5.5

Medium

Vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: xterm, all releases up to and including Patch 370, when built with Sixel support.
Description: The issue is a buffer overflow in the set_sixel function of graphics_sixel.c, the Sixel graphics decoder of the xterm terminal emulator. With Sixel support enabled, crafted text written to the terminal drives the decoder past the bounds of its graphic buffer. The practical result is a crash of the terminal, i.e. a denial of service. The CVSS vector is local (AV:L) and requires user interaction because the text has to be rendered by the victim's xterm, but that text can originate remotely: the output of a command, a file being displayed, or data arriving over an SSH session.
Recommendations: Upgrade to a release newer than Patch 370 (the fix adds range checks to the Sixel parameters); the distribution advisories listed below carry the backported fix. Until then, disable Sixel graphics: rebuild xterm without the --enable-sixel-graphics configure option, or run it with a decTerminalID that does not select a graphics-capable model. To check whether a running xterm has Sixel enabled, send a primary Device Attributes query (ESC [ c); an xterm that supports Sixel lists parameter 4 in its response. Treat any untrusted text displayed in the terminal (logs, files, remote sessions) as input to this decoder.
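The description above names a buffer overflow in the routine that sets pixels from crafted Sixel text. The following is an added illustrative example, not xterm's graphics_sixel.c and not the exact CVE-2022-24130 trigger (which this page does not detail): a constructed minimal Sixel decoder whose pixel writes go either through an unchecked setter, as in the vulnerable pattern, or through a range-checked one, as in the fix. The canvas size, the guard region, the two payloads and all function names are assumptions made for the example; the guard bytes exist only to make the overrun observable without undefined behaviour.

```c
/* Added illustrative example, not xterm's graphics_sixel.c: a tiny Sixel decoder
 * that writes pixels through either an unchecked "set pixel" routine or a
 * range-checked one, so the overflow class described in the advisory can be
 * observed on a canvas with a zeroed guard region placed behind it. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANVAS_W 16
#define CANVAS_H 12
#define GUARD    256           /* bytes placed after the canvas to catch overruns */

/* Constructed payloads: the Sixel data body only (what follows "ESC P ... q"). */
/* Two "-" line feeds move the cursor to row 12, past a 12-row canvas; "!20~" then
 * repeats a full 6-bit column 20 times, so every pixel write lands outside it. */
static const char OVERFLOW_PAYLOAD[] = "#1--!20~";
/* Two rows of 16 full columns: exactly fills a 16x12 canvas, nothing out of range. */
static const char BENIGN_PAYLOAD[]   = "#1!16~-!16~";

typedef struct {
    int width, height;
    uint8_t *pixels;           /* width * height bytes, one colour index each */
    long writes;               /* pixel writes requested by the data stream */
    long rejected;             /* writes refused by the checked setter */
} canvas_t;

/* Vulnerable pattern: trusts coordinates derived from attacker-controlled text. */
static void set_pixel_unchecked(canvas_t *c, int x, int y, uint8_t colour) {
    c->pixels[y * c->width + x] = colour;
}

/* Hardened pattern: every coordinate is validated against the allocation. */
static void set_pixel_checked(canvas_t *c, int x, int y, uint8_t colour) {
    if (x < 0 || y < 0 || x >= c->width || y >= c->height) { c->rejected++; return; }
    c->pixels[y * c->width + x] = colour;
}

/* Parse a decimal run at s[*i]; clamp so a long digit run cannot overflow. */
static int parse_number(const char *s, int *i, int dflt) {
    long v = 0; int got = 0;
    for (; s[*i] >= '0' && s[*i] <= '9'; (*i)++, got = 1)
        if (v < 1000000) v = v * 10 + (s[*i] - '0');
    return got ? (int)v : dflt;
}

/* Emit one Sixel column (6 vertical pixels, low bit on top) at (x, y). */
static void emit_column(canvas_t *c, int bits, int x, int y, uint8_t colour, int checked) {
    for (int b = 0; b < 6; b++) {
        if (!(bits & (1 << b))) continue;
        c->writes++;
        if (checked) set_pixel_checked(c, x, y + b, colour);
        else         set_pixel_unchecked(c, x, y + b, colour);
    }
}

/* Minimal Sixel body decoder: '!' repeat, '#' colour select, '$' carriage return,
 * '-' line feed, and the data characters '?'..'~'. Anything else is skipped. */
static void decode_sixel(canvas_t *c, const char *d, int checked) {
    int i = 0, x = 0, y = 0; uint8_t colour = 1;
    while (d[i]) {
        char ch = d[i];
        if (ch == '!') {                               /* !<n><sixel> */
            i++;
            int n = parse_number(d, &i, 1);
            if (d[i] >= '?' && d[i] <= '~') {
                for (int r = 0; r < n; r++, x++) emit_column(c, d[i] - '?', x, y, colour, checked);
                i++;
            }
        } else if (ch == '#') {                        /* #<n>[;params...] */
            i++;
            colour = (uint8_t)parse_number(d, &i, 0);
            while (d[i] == ';') { i++; parse_number(d, &i, 0); }
        } else if (ch == '$') { x = 0; i++; }
        else if (ch == '-')  { x = 0; y += 6; i++; }
        else if (ch >= '?' && ch <= '~') { emit_column(c, ch - '?', x++, y, colour, checked); i++; }
        else i++;
    }
}

/* Decode a payload into a canvas followed by a zeroed guard region and report
 * the guard bytes dirtied (the overflow), writes requested and writes refused. */
static void run_payload(const char *payload, int checked, int *guard_dirty, long *writes, long *rejected) {
    uint8_t buf[CANVAS_W * CANVAS_H + GUARD];
    memset(buf, 0, sizeof buf);
    canvas_t c = { CANVAS_W, CANVAS_H, buf, 0, 0 };
    decode_sixel(&c, payload, checked);
    int dirty = 0;
    for (size_t k = CANVAS_W * CANVAS_H; k < sizeof buf; k++) dirty += buf[k] != 0;
    if (guard_dirty) *guard_dirty = dirty;
    if (writes)      *writes = c.writes;
    if (rejected)    *rejected = c.rejected;
}

int overflow_bytes(const char *payload, int checked) { int g = 0; run_payload(payload, checked, &g, NULL, NULL); return g; }
long attempted_writes(const char *payload)            { long w = 0; run_payload(payload, 1, NULL, &w, NULL); return w; }
long rejected_writes(const char *payload)             { long r = 0; run_payload(payload, 1, NULL, NULL, &r); return r; }

int main(void) {
    printf("overflow payload: %ld writes, %d guard bytes clobbered unchecked, %d checked, %ld rejected\n",
           attempted_writes(OVERFLOW_PAYLOAD), overflow_bytes(OVERFLOW_PAYLOAD, 0),
           overflow_bytes(OVERFLOW_PAYLOAD, 1), rejected_writes(OVERFLOW_PAYLOAD));
    printf("benign payload: %ld writes, %d guard bytes clobbered unchecked\n",
           attempted_writes(BENIGN_PAYLOAD), overflow_bytes(BENIGN_PAYLOAD, 0));
    return 0;
}
```

Build with `cc -Wall -o sixel_demo sixel_demo.c` and run it. The overflow payload issues 120 pixel writes; the unchecked setter dirties 100 distinct guard bytes behind the canvas, while the checked setter refuses all 120 and leaves the guard untouched. The benign payload fills the canvas exactly and overflows with neither setter, which is the behaviour a decoder should have for well-formed input. In a real terminal the guard region does not exist: the same writes land on whatever the allocator placed after the graphic buffer, which is how crafted text becomes a crash.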

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:14075
ALT-PU-2022-1930
ALT-PU-2022-3205
ALT-PU-2022-3213
AZL-8456
BDU:2023-02633
CVE-2022-24130
DLA-2913-1
INFSA-2025_14075
MGASA-2022-0051
OESA-2022-1563
OESA-2022-2072
OPENSUSE-SU-2022_3953-1
OPENSUSE-SU-2024:12733-1
RHSA-2025:14075
RHSA-2025_14075
SUSE-SU-2022:3952-1
SUSE-SU-2022:3953-1
SUSE-SU-2022_3952-1
SUSE-SU-2022_3953-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Red Hat
Rocky Linux
Suse
Xterm