Vulnerabilities > CVE-2022-44617 - Infinite Loop vulnerability in X.Org Libxpm

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

x-org

CWE-835

NVD

Published: 2023-02-06

Updated: 2023-11-07

Summary

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

Vulnerable Configurations

Part	Description	Count
Application	X.Org X.Org Libxpm - X.Org Libxpm 3.5.5 X.Org Libxpm 3.5.6 X.Org Libxpm 3.5.7 X.Org Libxpm 3.5.8 X.Org Libxpm 3.5.9 X.Org Libxpm 3.5.10 X.Org Libxpm 3.5.11 X.Org Libxpm 3.5.12 X.Org Libxpm 3.5.13 X.Org Libxpm 3.5.14	11

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://bugzilla.redhat.com/show_bug.cgi?id=2160193
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28
https://lists.x.org/archives/xorg-announce/2023-January/003312.html
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html