Vulnerabilities > CVE-2022-46285 - Infinite Loop vulnerability in X.Org Libxpm

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

x-org

CWE-835

NVD

Published: 2023-02-07

Updated: 2023-10-17

Summary

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

Vulnerable Configurations

Part	Description	Count
Application	X.Org X.Org Libxpm - X.Org Libxpm 3.5.5 X.Org Libxpm 3.5.6 X.Org Libxpm 3.5.7 X.Org Libxpm 3.5.8 X.Org Libxpm 3.5.9 X.Org Libxpm 3.5.10 X.Org Libxpm 3.5.11 X.Org Libxpm 3.5.12 X.Org Libxpm 3.5.13 X.Org Libxpm 3.5.14	11

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://bugzilla.redhat.com/show_bug.cgi?id=2160092
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148
https://lists.x.org/archives/xorg-announce/2023-January/003312.html
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html
http://www.openwall.com/lists/oss-security/2023/10/03/1
http://www.openwall.com/lists/oss-security/2023/10/03/10