CVE-2023-0645

2023-04-1114:15:07

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-0645

out of bounds read

libjxl

security vulnerability

upgrade

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

Affected configurations

Vulners

NVD

Node

libjxllibjxlRange0.7.0–0.8.1

CPENameOperatorVersion
libjxl_project:libjxllibjxl project libjxllt0.8.1

CPE	Name	Operator	Version
libjxl_project:libjxl	libjxl project libjxl	lt	0.8.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Libjxl",
    "repo": "https://github.com/libjxl/libjxl",
    "vendor": "Libjxl",
    "versions": [
      {
        "lessThan": "0.8.1",
        "status": "affected",
        "version": "0.7.0",
        "versionType": "custom"
      }
    ]
  }
]