UBUNTU-CVE-2022-4883
- Source
- https://ubuntu.com/security/CVE-2022-4883
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4883.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-4883
- Upstream
- Downstream
- Related
- Published
- 2023-01-17T00:00:00Z
- Modified
- 2025-10-24T04:53:19Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
- References
Affected packages
Ubuntu:14.04:LTS
motif
Package
- Name
- motif
- Purl
- pkg:deb/ubuntu/motif@2.3.4-5ubuntu0.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmotif-common",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "libmotif-dev",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "libmotif3",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "libmotif4",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "libmrm4",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "libuil4",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "libxm4",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "motif-clients",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "mwm",
"binary_version": "2.3.4-5ubuntu0.1"
},
{
"binary_name": "uil",
"binary_version": "2.3.4-5ubuntu0.1"
}
]
}Ubuntu:16.04:LTS
motif
Package
- Name
- motif
- Purl
- pkg:deb/ubuntu/motif@2.3.4-10?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmotif-common",
"binary_version": "2.3.4-10"
},
{
"binary_name": "libmotif-dev",
"binary_version": "2.3.4-10"
},
{
"binary_name": "libmrm4",
"binary_version": "2.3.4-10"
},
{
"binary_name": "libuil4",
"binary_version": "2.3.4-10"
},
{
"binary_name": "libxm4",
"binary_version": "2.3.4-10"
},
{
"binary_name": "mwm",
"binary_version": "2.3.4-10"
},
{
"binary_name": "uil",
"binary_version": "2.3.4-10"
}
]
}Ubuntu:18.04:LTS
libxpm
Package
- Name
- libxpm
- Purl
- pkg:deb/ubuntu/libxpm@1:3.5.12-1ubuntu0.18.04.2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.5.12-1ubuntu0.18.04.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libxpm-dev",
"binary_version": "1:3.5.12-1ubuntu0.18.04.2"
},
{
"binary_name": "libxpm4",
"binary_version": "1:3.5.12-1ubuntu0.18.04.2"
},
{
"binary_name": "xpmutils",
"binary_version": "1:3.5.12-1ubuntu0.18.04.2"
}
],
"availability": "No subscription required"
}motif
Package
- Name
- motif
- Purl
- pkg:deb/ubuntu/motif@2.3.8-2build1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmotif-common",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "libmotif-dev",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "libmrm4",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "libuil4",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "libxm4",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "mwm",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "uil",
"binary_version": "2.3.8-2build1"
}
]
}Ubuntu:20.04:LTS
libxpm
Package
- Name
- libxpm
- Purl
- pkg:deb/ubuntu/libxpm@1:3.5.12-1ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.5.12-1ubuntu0.20.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libxpm-dev",
"binary_version": "1:3.5.12-1ubuntu0.20.04.1"
},
{
"binary_name": "libxpm4",
"binary_version": "1:3.5.12-1ubuntu0.20.04.1"
},
{
"binary_name": "xpmutils",
"binary_version": "1:3.5.12-1ubuntu0.20.04.1"
}
],
"availability": "No subscription required"
}motif
Package
- Name
- motif
- Purl
- pkg:deb/ubuntu/motif@2.3.8-2build1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmotif-common",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "libmotif-dev",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "libmrm4",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "libuil4",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "libxm4",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "mwm",
"binary_version": "2.3.8-2build1"
},
{
"binary_name": "uil",
"binary_version": "2.3.8-2build1"
}
]
}Ubuntu:22.04:LTS
libxpm
Package
- Name
- libxpm
- Purl
- pkg:deb/ubuntu/libxpm@1:3.5.12-1ubuntu0.22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.5.12-1ubuntu0.22.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libxpm-dev",
"binary_version": "1:3.5.12-1ubuntu0.22.04.1"
},
{
"binary_name": "libxpm4",
"binary_version": "1:3.5.12-1ubuntu0.22.04.1"
},
{
"binary_name": "xpmutils",
"binary_version": "1:3.5.12-1ubuntu0.22.04.1"
}
],
"availability": "No subscription required"
}motif
Package
- Name
- motif
- Purl
- pkg:deb/ubuntu/motif@2.3.8-3?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmotif-common",
"binary_version": "2.3.8-3"
},
{
"binary_name": "libmotif-dev",
"binary_version": "2.3.8-3"
},
{
"binary_name": "libmrm4",
"binary_version": "2.3.8-3"
},
{
"binary_name": "libuil4",
"binary_version": "2.3.8-3"
},
{
"binary_name": "libxm4",
"binary_version": "2.3.8-3"
},
{
"binary_name": "mwm",
"binary_version": "2.3.8-3"
},
{
"binary_name": "uil",
"binary_version": "2.3.8-3"
}
]
}Ubuntu:24.04:LTS
motif
Package
- Name
- motif
- Purl
- pkg:deb/ubuntu/motif@2.3.8-3.1build1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmotif-common",
"binary_version": "2.3.8-3.1build1"
},
{
"binary_name": "libmotif-dev",
"binary_version": "2.3.8-3.1build1"
},
{
"binary_name": "libmrm4",
"binary_version": "2.3.8-3.1build1"
},
{
"binary_name": "libuil4",
"binary_version": "2.3.8-3.1build1"
},
{
"binary_name": "libxm4",
"binary_version": "2.3.8-3.1build1"
},
{
"binary_name": "mwm",
"binary_version": "2.3.8-3.1build1"
},
{
"binary_name": "uil",
"binary_version": "2.3.8-3.1build1"
}
]
}Ubuntu:25.04
motif
Package
- Name
- motif
- Purl
- pkg:deb/ubuntu/motif@2.3.8-4?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmotif-common",
"binary_version": "2.3.8-4"
},
{
"binary_name": "libmotif-dev",
"binary_version": "2.3.8-4"
},
{
"binary_name": "libmrm4",
"binary_version": "2.3.8-4"
},
{
"binary_name": "libuil4",
"binary_version": "2.3.8-4"
},
{
"binary_name": "libxm4",
"binary_version": "2.3.8-4"
},
{
"binary_name": "mwm",
"binary_version": "2.3.8-4"
},
{
"binary_name": "uil",
"binary_version": "2.3.8-4"
}
]
}Ubuntu:25.10
motif
Package
- Name
- motif
- Purl
- pkg:deb/ubuntu/motif@2.3.8-5?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmotif-common",
"binary_version": "2.3.8-5"
},
{
"binary_name": "libmotif-dev",
"binary_version": "2.3.8-5"
},
{
"binary_name": "libmrm4",
"binary_version": "2.3.8-5"
},
{
"binary_name": "libuil4",
"binary_version": "2.3.8-5"
},
{
"binary_name": "libxm4",
"binary_version": "2.3.8-5"
},
{
"binary_name": "mwm",
"binary_version": "2.3.8-5"
},
{
"binary_name": "uil",
"binary_version": "2.3.8-5"
}
]
}Ubuntu:Pro:14.04:LTS
libxpm
Package
- Name
- libxpm
- Purl
- pkg:deb/ubuntu/libxpm@1:3.5.10-1ubuntu0.1+esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:16.04:LTS
libxpm
Package
- Name
- libxpm
- Purl
- pkg:deb/ubuntu/libxpm@1:3.5.11-1ubuntu0.16.04.1+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.5.11-1ubuntu0.16.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libxpm-dev",
"binary_version": "1:3.5.11-1ubuntu0.16.04.1+esm1"
},
{
"binary_name": "libxpm4",
"binary_version": "1:3.5.11-1ubuntu0.16.04.1+esm1"
},
{
"binary_name": "xpmutils",
"binary_version": "1:3.5.11-1ubuntu0.16.04.1+esm1"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}