X.Org libXpm 拒绝服务漏洞(CVE-2022-46285)

admin

0
文章

0
评论

2023-11-30 04:02:40 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 X.Org libXpm 拒绝服务漏洞(CVE-2022-46285)

CVE编号

CVE-2022-46285

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-01-17

漏洞描述

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://www.openwall.com/lists/oss-security/2023/10/03/1
http://www.openwall.com/lists/oss-security/2023/10/03/10
https://bugzilla.redhat.com/show_bug.cgi?id=2160092
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9
https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html
https://lists.x.org/archives/xorg-announce/2023-January/003312.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	libxpm_project	libxpm	*		Up to (excluding) 3.5.15
	运行在以下环境
	系统	alpine_3.14	libxpm	*		Up to (excluding) 3.5.15-r0
	运行在以下环境
	系统	alpine_3.15	libxpm	*		Up to (excluding) 3.5.15-r0
	运行在以下环境
	系统	alpine_3.16	libxpm	*		Up to (excluding) 3.5.15-r0
	运行在以下环境
	系统	alpine_3.17	libxpm	*		Up to (excluding) 3.5.15-r0
	运行在以下环境
	系统	alpine_3.18	libxpm	*		Up to (excluding) 3.5.15-r0
	运行在以下环境
	系统	alpine_edge	libxpm	*		Up to (excluding) 3.5.15-r0
	运行在以下环境
	系统	amazon_2	libXpm	*		Up to (excluding) 3.5.12-9.amzn2.0.1
	运行在以下环境
	系统	amazon_2023	libXpm	*		Up to (excluding) 3.5.15-2.amzn2023.0.1
	运行在以下环境
	系统	amazon_AMI	libXpm	*		Up to (excluding) 3.5.10-2.10.amzn1
	运行在以下环境
	系统	anolis_os_8	libXpm	*		Up to (excluding) 3.5.12-9.0.1
	运行在以下环境
	系统	centos_8	libXpm	*		Up to (excluding) 3.5.12-9.el8_7
	运行在以下环境
	系统	debian_10	libxpm	*		Up to (excluding) 1:3.5.12-1+deb10u1
	运行在以下环境
	系统	debian_11	libxpm	*		Up to (excluding) 1:3.5.12-1.1~deb11u1
	运行在以下环境
	系统	debian_12	libxpm	*		Up to (excluding) 1:3.5.12-1.1
	运行在以下环境
	系统	debian_sid	libxpm	*		Up to (excluding) 1:3.5.12-1.1
	运行在以下环境
	系统	fedora_36	libXpm	*		Up to (excluding) 3.5.15-2.fc36
	运行在以下环境
	系统	fedora_37	libXpm-devel	*		Up to (excluding) 3.5.15-2.fc37
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	libXpm	*		Up to (excluding) 3.5.13-2.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	libXpm	*		Up to (excluding) 3.5.13-2.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP3	libXpm	*		Up to (excluding) 3.5.13-2.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	libXpm	*		Up to (excluding) 3.5.13-2.a.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP3	libXpm	*		Up to (excluding) 3.5.13-2.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	libXpm	*		Up to (excluding) 3.5.13-2.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	libXpm	*		Up to (excluding) 3.5.13-2.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP3	libXpm	*		Up to (excluding) 3.5.13-2.ky10
	运行在以下环境
	系统	opensuse_Leap_15.4	libXpm4-32bit	*		Up to (excluding) 3.5.12-150000.3.7.2
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 3.5.12-9.el8_7
	运行在以下环境
	系统	oracle_9	oraclelinux-release	*		Up to (excluding) 3.5.13-8.el9_1
	运行在以下环境
	系统	redhat_8	libXpm	*		Up to (excluding) 3.5.12-9.el8_7
	运行在以下环境
	系统	redhat_9	libXpm-devel	*		Up to (excluding) 3.5.13-8.el9_1
	运行在以下环境
系统	suse_12_SP5	libXpm4-32bit	*		Up to (excluding) 3.5.11-6.7.1
运行在以下环境
系统	ubuntu_18.04	libxpm	*		Up to (excluding) 1:3.5.12-1ubuntu0.18.04.2
运行在以下环境
系统	ubuntu_20.04	libxpm	*		Up to (excluding) 1:3.5.12-1ubuntu0.20.04.1
运行在以下环境
系统	ubuntu_22.04	libxpm	*		Up to (excluding) 1:3.5.12-1ubuntu0.22.04.1
运行在以下环境
系统	ubuntu_22.10	libxpm	*		Up to (excluding) 1:3.5.12-1ubuntu0.22.10.1
运行在以下环境
系统	unionos_a	libXpm	*		Up to (excluding) libXpm-3.5.12-9.uelc20.3
运行在以下环境
系统	unionos_d	libxpm	*		Up to (excluding) 1:3.5.12.1-deepin1
运行在以下环境
系统	unionos_e	libxpm	*		Up to (excluding) libXpm-3.5.13-2.uel20