{"schema_version":"1.7.2","id":"OESA-2024-2306","modified":"2024-11-01T11:09:28Z","published":"2024-11-01T11:09:28Z","upstream":["CVE-2022-44617","CVE-2022-46285"],"summary":"motif security update","details":"This module is motif run-time environment, which includes the motif shared libraries.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.(CVE-2022-44617)\r\n\r\nA flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.(CVE-2022-46285)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"motif","purl":"pkg:rpm/openEuler/motif\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.8-6.oe2403"}]}],"ecosystem_specific":{"aarch64":["motif-2.3.8-6.oe2403.aarch64.rpm","motif-debuginfo-2.3.8-6.oe2403.aarch64.rpm","motif-debugsource-2.3.8-6.oe2403.aarch64.rpm","motif-devel-2.3.8-6.oe2403.aarch64.rpm","motif-help-2.3.8-6.oe2403.aarch64.rpm"],"src":["motif-2.3.8-6.oe2403.src.rpm"],"x86_64":["motif-2.3.8-6.oe2403.x86_64.rpm","motif-debuginfo-2.3.8-6.oe2403.x86_64.rpm","motif-debugsource-2.3.8-6.oe2403.x86_64.rpm","motif-devel-2.3.8-6.oe2403.x86_64.rpm","motif-help-2.3.8-6.oe2403.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"motif","purl":"pkg:rpm/openEuler/motif\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.8-4.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["motif-2.3.8-4.oe2203sp4.aarch64.rpm","motif-debuginfo-2.3.8-4.oe2203sp4.aarch64.rpm","motif-debugsource-2.3.8-4.oe2203sp4.aarch64.rpm","motif-devel-2.3.8-4.oe2203sp4.aarch64.rpm","motif-help-2.3.8-4.oe2203sp4.aarch64.rpm"],"src":["motif-2.3.8-4.oe2203sp4.src.rpm"],"x86_64":["motif-2.3.8-4.oe2203sp4.x86_64.rpm","motif-debuginfo-2.3.8-4.oe2203sp4.x86_64.rpm","motif-debugsource-2.3.8-4.oe2203sp4.x86_64.rpm","motif-devel-2.3.8-4.oe2203sp4.x86_64.rpm","motif-help-2.3.8-4.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"motif","purl":"pkg:rpm/openEuler/motif\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.8-4.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["motif-2.3.8-4.oe2203sp3.aarch64.rpm","motif-debuginfo-2.3.8-4.oe2203sp3.aarch64.rpm","motif-debugsource-2.3.8-4.oe2203sp3.aarch64.rpm","motif-devel-2.3.8-4.oe2203sp3.aarch64.rpm","motif-help-2.3.8-4.oe2203sp3.aarch64.rpm"],"src":["motif-2.3.8-4.oe2203sp3.src.rpm"],"x86_64":["motif-2.3.8-4.oe2203sp3.x86_64.rpm","motif-debuginfo-2.3.8-4.oe2203sp3.x86_64.rpm","motif-debugsource-2.3.8-4.oe2203sp3.x86_64.rpm","motif-devel-2.3.8-4.oe2203sp3.x86_64.rpm","motif-help-2.3.8-4.oe2203sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"motif","purl":"pkg:rpm/openEuler/motif\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.4-21.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["motif-2.3.4-21.oe2003sp4.aarch64.rpm","motif-debuginfo-2.3.4-21.oe2003sp4.aarch64.rpm","motif-debugsource-2.3.4-21.oe2003sp4.aarch64.rpm","motif-devel-2.3.4-21.oe2003sp4.aarch64.rpm","motif-help-2.3.4-21.oe2003sp4.aarch64.rpm"],"src":["motif-2.3.4-21.oe2003sp4.src.rpm"],"x86_64":["motif-2.3.4-21.oe2003sp4.x86_64.rpm","motif-debuginfo-2.3.4-21.oe2003sp4.x86_64.rpm","motif-debugsource-2.3.4-21.oe2003sp4.x86_64.rpm","motif-devel-2.3.4-21.oe2003sp4.x86_64.rpm","motif-help-2.3.4-21.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"motif","purl":"pkg:rpm/openEuler/motif\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.8-4.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["motif-2.3.8-4.oe2203sp1.aarch64.rpm","motif-debuginfo-2.3.8-4.oe2203sp1.aarch64.rpm","motif-debugsource-2.3.8-4.oe2203sp1.aarch64.rpm","motif-devel-2.3.8-4.oe2203sp1.aarch64.rpm","motif-help-2.3.8-4.oe2203sp1.aarch64.rpm"],"src":["motif-2.3.8-4.oe2203sp1.src.rpm"],"x86_64":["motif-2.3.8-4.oe2203sp1.x86_64.rpm","motif-debuginfo-2.3.8-4.oe2203sp1.x86_64.rpm","motif-debugsource-2.3.8-4.oe2203sp1.x86_64.rpm","motif-devel-2.3.8-4.oe2203sp1.x86_64.rpm","motif-help-2.3.8-4.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2306"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44617"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46285"}],"database_specific":{"severity":"High"}}