ID:8755 - Exploit for Infinite loop in libXpm - CVE-2022-46285
Published: January 20, 2023
Vulnerability identifier: #VU71234
Vulnerability risk: Low
CVE-ID: CVE-2022-46285
CWE-ID: CWE-835
Exploitation vector: Remote access
Vulnerable software:
libXpm
libXpm
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when handling unclosed comments in XPM images within the ParseComment() function. A remote attacker can trick the victim to open a specially crafted image and cause denial of service conditions.
Remediation
Install updates from vendor's website.