Overview

File _patchinfo of Package patchinfo.27381

<patchinfo incident="27381">
  <issue tracker="cve" id="2022-44617"/>
  <issue tracker="cve" id="2022-46285"/>
  <issue tracker="cve" id="2022-4883"/>
  <issue tracker="bnc" id="1207029">VUL-0: EMBARGOED: CVE-2022-46285: libXpm: Infinite loop on unclosed comments</issue>
  <issue tracker="bnc" id="1207031">VUL-0: EMBARGOED: CVE-2022-4883: libXpm: compression commands depend on $PATH</issue>
  <issue tracker="bnc" id="1207030">VUL-0: EMBARGOED: CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height</issue>
  <packager>sndirsch</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libXpm</summary>
  <description>This update for libXpm fixes the following issues:

- CVE-2022-46285: Fixed an infinite loop that could be triggered
  when reading a XPM image with a C-style comment that is never
  closed (bsc#1207029).
- CVE-2022-44617: Fixed an excessive resource consumption that could
  be triggered when reading small crafted XPM image (bsc#1207030).
- CVE-2022-4883: Fixed an issue that made decompression commands
  susceptible to PATH environment variable manipulation attacks
  (bsc#1207031).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places