Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apk/alpine/libxpm@3.5.15-r0?arch=aarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/libxpm@3.5.15-r0?arch=aarch64&distroversion=edge&reponame=main
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-n7q9-a364-6uc2 Loop with Unreachable Exit Condition ('Infinite Loop') A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE-2022-44617
VCID-r9ag-ykhs-h3cz Loop with Unreachable Exit Condition ('Infinite Loop') A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. CVE-2022-46285
VCID-xq3s-t6bh-pydz Untrusted Search Path A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. CVE-2022-4883

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-06T04:48:43.522928+00:00 Alpine Linux Importer Fixing VCID-xq3s-t6bh-pydz https://secdb.alpinelinux.org/edge/main.json 38.1.0
2026-04-06T04:46:18.516264+00:00 Alpine Linux Importer Fixing VCID-r9ag-ykhs-h3cz https://secdb.alpinelinux.org/edge/main.json 38.1.0
2026-04-03T17:52:40.085301+00:00 Alpine Linux Importer Fixing VCID-n7q9-a364-6uc2 https://secdb.alpinelinux.org/edge/main.json 38.1.0