Lucene search

GoogleOSV:CVE-2023-0645

HistoryApr 11, 2023 - 2:15 p.m.

CVE-2023-0645

2023-04-1114:15:07

Google

osv.dev

vulnerability

libjxl

out of bounds

exif handler

upgrade

attacker

crafted file

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

CPENameOperatorVersion
libjxleq0.7rc
libjxleq0.7-base
libjxleq0.3.4
libjxleq0.3.7
libjxleq0.8.0
libjxleq0.8-snapshot
libjxleq0.3.3
libjxleq0.5-base
libjxleq0.2.0
libjxleq0.1.0

Name	Operator	Version
libjxl	eq	0.7rc
libjxl	eq	0.7-base
libjxl	eq	0.3.4
libjxl	eq	0.3.7
libjxl	eq	0.8.0
libjxl	eq	0.8-snapshot
libjxl	eq	0.3.3
libjxl	eq	0.5-base
libjxl	eq	0.2.0
libjxl	eq	0.1.0

Rows per page:

1-10 of 211

References

github.com/libjxl/libjxl/pull/2101

github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

Related for OSV:CVE-2023-0645