Vulnerability CVE-2022-24130
Published: 2022-01-31

Description:
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

Type:

CWE-120

 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Invisible-island -> Xterm 

 References:
https://invisible-island.net/xterm/xterm.log.html
https://www.openwall.com/lists/oss-security/2022/01/30/2
https://www.openwall.com/lists/oss-security/2022/01/30/3
https://twitter.com/nickblack/status/1487731459398025216
https://lists.debian.org/debian-lts-announce/2022/02/msg00007.html
Copyright 2024, cxsecurity.com

 

Back to Top