ALT-PU-2022-1930-1
Closed vulnerabilities
Published: 2023-02-07
BDU:2023-02633
Уязвимость функции set_sixel компонента graphics_sixel.c эмулятора терминала XTerm, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2022-01-31
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-24130
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://invisible-island.net/xterm/xterm.log.html
- https://invisible-island.net/xterm/xterm.log.html
- [debian-lts-announce] 20220207 [SECURITY] [DLA 2913-1] xterm security update
- [debian-lts-announce] 20220207 [SECURITY] [DLA 2913-1] xterm security update
- FEDORA-2022-965978ed67
- FEDORA-2022-965978ed67
- FEDORA-2022-9bf751cdf7
- FEDORA-2022-9bf751cdf7
- GLSA-202208-22
- GLSA-202208-22
- https://twitter.com/nickblack/status/1487731459398025216
- https://twitter.com/nickblack/status/1487731459398025216
- https://www.openwall.com/lists/oss-security/2022/01/30/2
- https://www.openwall.com/lists/oss-security/2022/01/30/2
- https://www.openwall.com/lists/oss-security/2022/01/30/3
- https://www.openwall.com/lists/oss-security/2022/01/30/3