Lucene search

[email protected]NVD:CVE-2023-0645

HistoryApr 11, 2023 - 2:15 p.m.

CVE-2023-0645

2023-04-1114:15:07

CWE-125

[email protected]

web.nvd.nist.gov

libjxl

out of bounds read

exif handler

upgrade

version 0.8.1

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

Affected configurations

Nvd

Node

libjxl_projectlibjxlRange<0.8.1

VendorProductVersionCPE
libjxl_projectlibjxl*cpe:2.3:a:libjxl_project:libjxl:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libjxl_project	libjxl	*	cpe:2.3:a:libjxl_project:libjxl::::::::

References

github.com/libjxl/libjxl/pull/2101

github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

Related for NVD:CVE-2023-0645

ubuntucve1 alpinelinux1 osv1 debiancve1 veracode1 cve1 prion1 cvelist1