Bug 2048676 (CVE-2022-24130) - CVE-2022-24130 xterm: Buffer overflow in set_sixel in graphics_sixel.c
Summary: CVE-2022-24130 xterm: Buffer overflow in set_sixel in graphics_sixel.c
Keywords:
Status: NEW
Alias: CVE-2022-24130
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2048677 2050673
Blocks: 2048678
TreeView+ depends on / blocked
 
Reported: 2022-01-31 17:18 UTC by Pedro Sampaio
Modified: 2022-09-19 19:55 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A buffer-overflow vulnerability was found in xterm's set_sixel() function in the 'graphics_sixel.c' file. This flaw allows an attacker to trigger a buffer overflow via crafted text when the sixel-graphics functionality is enabled. This issue causes xterm to crash, affecting the availability of an application, leading to a denial of service.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Pedro Sampaio 2022-01-31 17:18:26 UTC
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

References:

https://invisible-island.net/xterm/xterm.log.html
https://www.openwall.com/lists/oss-security/2022/01/30/2
https://www.openwall.com/lists/oss-security/2022/01/30/3
https://twitter.com/nickblack/status/1487731459398025216

Comment 1 Pedro Sampaio 2022-01-31 17:18:48 UTC
Created xterm tracking bugs for this issue:

Affects: fedora-all [bug 2048677]

Comment 2 juneau 2022-01-31 19:50:28 UTC
Marking services-openshift-cluster-manager affected/delegated for presence of affected code found in the following containers:
- https://quay.io/app-sre/selenium-standalone-chrome-debug:latest
- https://quay.io/app-sre/selenium-standalone-firefox-debug:latest


Note You need to log in before you can comment on or make changes to this bug.