published Correcting the release of the library libxpm 3.5.15 , developed by the X.org project and used for processing files in XPM format. The new version was eliminated by three vulnerabilities , two of which (CVE-202-46285 , CVE-2022-44617) lead to bloating when processing specially designed XPM files. The third vulnerability ( cve-2022-4883 ) allows you to launch arbitrary commands using LIBXPM. When launching privileged processes associated with LIBXPM, for example, programs with the SUID Root flag, vulnerability makes it possible to raise its privileges.
vulnerability is caused by a feature of LIBXPM with compressed XPM files – when processing XPM.z or XPM.gz library using a call Execlp () launches external unpacking utilities (Uncompress or Gunzip), the path to which is calculated on the basis of the Path environment variable. The attack boils down to the placement in the user available to the user, which is present in the list of PATH, its own executable UNCOMPRESS or GUNZIP files, which will be made when launching the application using Libxpm.
Vulnerability eliminated replacement of the ExeclP call to absolute ways to utilities. Additionally added the assembly option “-disable -open-zfile” allows you to disable the processing of compressed files and call external utilities for unpacking.