Wind River Support Network

HomeDefectsLIN1021-5071
Fixed

LIN1021-5071 : Security Advisory - libxpm - CVE-2022-4883

Created: Jan 17, 2023    Updated: Jun 22, 2023
Resolved Date: Jun 22, 2023
Found In Version: 10.21.20.1
Fix Version: 10.21.20.19
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

https://nvd.nist.gov/vuln/detail/CVE-2022-4883

CVEs


Live chat
Online