cvedb.io
CVE-2022-45063
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-11-10T16:15:12.307 · Last modified 2026-06-17T05:09:16.857

Summary

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

Affected products

invisible-island — xterm

Does this affect you?

Add your gear to cvedb and we'll alert you only when invisible-island ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.