QwikSec

Security Database

CVE

CWE

Training

CVE-2022-4883

Published: Feb 7, 2023

Modified: Mar 20, 2025

PUBLISHED

Description

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

Vendor	Product	Versions
n/a	libXpm	affected `3.5.15`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2160213

https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9

https://lists.x.org/archives/xorg-announce/2023-January/003312.html

https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669

[debian-lts-announce] 20230620 [SECURITY] [DLA 3459-1] libxpm security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.