PT-2023-1171 · Libxpm+10

Alan Coopersmith · Published 2023-01-17 · Updated 2025-03-20 · CVE-2022-4883

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libXpm (affected versions not specified)

Description: A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. This could potentially allow an attacker to execute arbitrary code with elevated privileges.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
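
The following C sketch is an added example, not code from libXpm or from this advisory. It audits a PATH value for entries that make a PATH-based helper lookup unsafe, and shows the helper being started by absolute path with a fixed environment instead. The helper location `/usr/bin/gzip`, the trusted directory list and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed helper location and trusted directories; adjust per system. */
#define GZIP_ABS "/usr/bin/gzip"
static const char *const TRUSTED[] = { "/usr/bin", "/bin", "/usr/sbin", "/sbin", NULL };

/* Returns 1 if a PATH search (execlp, execvp, popen, system) could pick a
 * helper from outside TRUSTED: empty entry (= cwd), relative or unknown dir.
 * An unset PATH is flagged too, since the default search list varies. */
int path_is_risky(const char *path)
{
    if (path == NULL) return 1;
    for (const char *p = path;;) {
        size_t len = strcspn(p, ":"), i;
        for (i = 0; TRUSTED[i] != NULL; i++)
            if (strlen(TRUSTED[i]) == len && strncmp(p, TRUSTED[i], len) == 0)
                break;
        if (TRUSTED[i] == NULL) return 1;   /* entry not in the allowlist */
        if (p[len] == '\0') return 0;       /* last entry checked */
        p += len + 1;
    }
}

/* PATH-dependent form the description warns about (illustrative only):
 *     execlp("gzip", "gzip", "-dc", file, (char *)NULL);
 * Hardened form: absolute path, no PATH search, fixed minimal environment.
 * Returns the helper's exit status, or -1 on failure. */
int gunzip_to_stdout(const char *file)
{
    char *const argv[] = { "gzip", "-dc", "--", (char *)file, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execve(GZIP_ABS, argv, envp); _exit(127); }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    printf("PATH risky for helper lookup: %d\n", path_is_risky(getenv("PATH")));
    return 0;
}
```

The audit is deliberately strict: a trusted directory written with a trailing slash, or a trailing colon in PATH, is reported as risky.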

Weakness Enumeration

Untrusted Search Path

Related Identifiers

ALSA-2023:0379
ALSA-2023:0383
ALT-PU-2023-1069
ALT-PU-2023-1191
ALT-PU-2023-1199
ALT-PU-2023-6469
AZL-13248
BDU:2023-00388
CESA-2023_0377
CESA-2023_0379
CVE-2022-4883
DLA-3459-1
MGASA-2023-0031
OESA-2023-1078
OPENSUSE-SU-2023_0171-1
OPENSUSE-SU-2024:12617-1
RHSA-2023:0377
RHSA-2023:0378
RHSA-2023:0379
RHSA-2023:0380
RHSA-2023:0381
RHSA-2023:0382
RHSA-2023:0383
RHSA-2023:0384
RHSA-2023_0377
RHSA-2023_0379
RHSA-2023_0383
RLSA-2023:0379
RLSA-2023:0383
ROSA-SA-2023-2096
ROSA-SA-2023-2259
SUSE-SU-2023:0165-1
SUSE-SU-2023:0171-1
USN-5807-1
USN-5807-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libXpm