Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dwpw-gbyx-9bcm

Summary

Loop with Unreachable Exit Condition ('Infinite Loop')
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

Aliases

alias	CVE-2022-44617

Fixed_packages

url	pkg:conan/libxpm@3.5.15
purl	pkg:conan/libxpm@3.5.15
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:conan/libxpm@3.5.15

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-44617

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22268
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-44617

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160193
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160193

reference_url	https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28
reference_id
reference_type
scores
url	https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28

reference_url	https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9
reference_id
reference_type
scores
url	https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9

reference_url	https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html

reference_url	https://lists.x.org/archives/xorg-announce/2023-January/003312.html
reference_id
reference_type
scores
url	https://lists.x.org/archives/xorg-announce/2023-January/003312.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-44617
reference_id	CVE-2022-44617
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-44617

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	835
name	Loop with Unreachable Exit Condition ('Infinite Loop')
description	The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dwpw-gbyx-9bcm

Vulnerability Instance