Bug 2048676 (CVE-2022-24130) - CVE-2022-24130 xterm: Buffer overflow in set_sixel in graphics_sixel.c
Summary: CVE-2022-24130 xterm: Buffer overflow in set_sixel in graphics_sixel.c
Status: NEW
Alias: CVE-2022-24130
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2048677 2050673
Blocks: 2048678
TreeView+ depends on / blocked
Reported: 2022-01-31 17:18 UTC by Pedro Sampaio
Modified: 2022-09-19 19:55 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A buffer-overflow vulnerability was found in xterm's set_sixel() function in the 'graphics_sixel.c' file. This flaw allows an attacker to trigger a buffer overflow via crafted text when the sixel-graphics functionality is enabled. This issue causes xterm to crash, affecting the availability of an application, leading to a denial of service.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Pedro Sampaio 2022-01-31 17:18:26 UTC
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.



Comment 1 Pedro Sampaio 2022-01-31 17:18:48 UTC
Created xterm tracking bugs for this issue:

Affects: fedora-all [bug 2048677]

Comment 2 juneau 2022-01-31 19:50:28 UTC
Marking services-openshift-cluster-manager affected/delegated for presence of affected code found in the following containers:
- https://quay.io/app-sre/selenium-standalone-chrome-debug:latest
- https://quay.io/app-sre/selenium-standalone-firefox-debug:latest

Note You need to log in before you can comment on or make changes to this bug.