CVE-2022-4883

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-4883
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4883.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4883
Related
Published
2023-02-07T19:15:09Z
Modified
2025-05-17T14:21:41.323922Z
Downstream
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

References

Affected packages

Alpine:v3.14 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.15-r0

Affected versions

3.*

3.5.7-r0
3.5.8-r0
3.5.8-r1
3.5.8-r2
3.5.8-r3
3.5.8-r4
3.5.9-r0
3.5.9-r1
3.5.9-r2
3.5.9-r3
3.5.10-r0
3.5.11-r0
3.5.11-r1
3.5.12-r0
3.5.13-r0

Alpine:v3.15 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.15-r0

Affected versions

3.*

3.5.7-r0
3.5.8-r0
3.5.8-r1
3.5.8-r2
3.5.8-r3
3.5.8-r4
3.5.9-r0
3.5.9-r1
3.5.9-r2
3.5.9-r3
3.5.10-r0
3.5.11-r0
3.5.11-r1
3.5.12-r0
3.5.13-r0

Alpine:v3.16 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.15-r0

Affected versions

3.*

3.5.7-r0
3.5.8-r0
3.5.8-r1
3.5.8-r2
3.5.8-r3
3.5.8-r4
3.5.9-r0
3.5.9-r1
3.5.9-r2
3.5.9-r3
3.5.10-r0
3.5.11-r0
3.5.11-r1
3.5.12-r0
3.5.13-r0

Alpine:v3.17 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.15-r0

Affected versions

3.*

3.5.7-r0
3.5.8-r0
3.5.8-r1
3.5.8-r2
3.5.8-r3
3.5.8-r4
3.5.9-r0
3.5.9-r1
3.5.9-r2
3.5.9-r3
3.5.10-r0
3.5.11-r0
3.5.11-r1
3.5.12-r0
3.5.13-r0
3.5.13-r1
3.5.14-r0

Alpine:v3.18 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.15-r0

Affected versions

3.*

3.5.7-r0
3.5.8-r0
3.5.8-r1
3.5.8-r2
3.5.8-r3
3.5.8-r4
3.5.9-r0
3.5.9-r1
3.5.9-r2
3.5.9-r3
3.5.10-r0
3.5.11-r0
3.5.11-r1
3.5.12-r0
3.5.13-r0
3.5.13-r1
3.5.14-r0

Alpine:v3.19 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.15-r0

Affected versions

3.*

3.5.7-r0
3.5.8-r0
3.5.8-r1
3.5.8-r2
3.5.8-r3
3.5.8-r4
3.5.9-r0
3.5.9-r1
3.5.9-r2
3.5.9-r3
3.5.10-r0
3.5.11-r0
3.5.11-r1
3.5.12-r0
3.5.13-r0
3.5.13-r1
3.5.14-r0

Alpine:v3.20 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.15-r0

Affected versions

3.*

3.5.7-r0
3.5.8-r0
3.5.8-r1
3.5.8-r2
3.5.8-r3
3.5.8-r4
3.5.9-r0
3.5.9-r1
3.5.9-r2
3.5.9-r3
3.5.10-r0
3.5.11-r0
3.5.11-r1
3.5.12-r0
3.5.13-r0
3.5.13-r1
3.5.14-r0

Alpine:v3.21 / libxpm

Package

Name
libxpm
Purl
pkg:apk/alpine/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.15-r0

Affected versions

3.*

3.5.7-r0
3.5.8-r0
3.5.8-r1
3.5.8-r2
3.5.8-r3
3.5.8-r4
3.5.9-r0
3.5.9-r1
3.5.9-r2
3.5.9-r3
3.5.10-r0
3.5.11-r0
3.5.11-r1
3.5.12-r0
3.5.13-r0
3.5.13-r1
3.5.14-r0

Debian:11 / libxpm

Package

Name
libxpm
Purl
pkg:deb/debian/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.5.12-1.1~deb11u1

Affected versions

1:3.*

1:3.5.12-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / libxpm

Package

Name
libxpm
Purl
pkg:deb/debian/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.5.12-1.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / libxpm

Package

Name
libxpm
Purl
pkg:deb/debian/libxpm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.5.12-1.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/xorg/lib/libxpm

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/xorg/lib/libxpm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
515294bb8023a45ff91669
Fixed
515294bb8023a45ff91669

Affected versions

Other

MODULAR_COPY
XACE-SELINUX-MERGE
XORG-6_7_99_1
XORG-6_7_99_2
XORG-6_7_99_901
XORG-6_7_99_902
XORG-6_7_99_903
XORG-6_7_99_904
XORG-6_8_0
XORG-6_8_99_1
XORG-6_8_99_10
XORG-6_8_99_11
XORG-6_8_99_12
XORG-6_8_99_13
XORG-6_8_99_14
XORG-6_8_99_15
XORG-6_8_99_16
XORG-6_8_99_2
XORG-6_8_99_3
XORG-6_8_99_4
XORG-6_8_99_5
XORG-6_8_99_6
XORG-6_8_99_7
XORG-6_8_99_8
XORG-6_8_99_9
XORG-6_8_99_900
XORG-6_8_99_901
XORG-6_8_99_902
XORG-6_8_99_903
XORG-6_99_99_900
XORG-6_99_99_901
XORG-6_99_99_902
XORG-6_99_99_903
XORG-6_99_99_904
XORG-7_0
XORG-7_0_99_901
XORG-7_1
lg3d-base
lg3d-rel-0-7-0
libXpm-3_5_5
rel-0-6-1
sco_port_update-base
xf86-012804-2330
xf86-4_3_0_1
xf86-4_3_99_16
xf86-4_3_99_901
xf86-4_3_99_902
xf86-4_3_99_903
xf86-4_3_99_903_special
xf86-4_4_0
xf86-4_4_99_1

libXpm-3.*

libXpm-3.5.10
libXpm-3.5.11
libXpm-3.5.12
libXpm-3.5.13
libXpm-3.5.14
libXpm-3.5.6
libXpm-3.5.7
libXpm-3.5.8
libXpm-3.5.9