Lucene search

Ubuntu.comUB:CVE-2023-0645

HistoryApr 11, 2023 - 12:00 a.m.

CVE-2023-0645

2023-04-1100:00:00

ubuntu.com

libjxl

out of bounds read

upgrade

exif handler

unix

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.002

Percentile

53.4%

JSON

An out of bounds read exists in libjxl. An attacker using a specifically
crafted file could cause an out of bounds read in the exif handler. We
recommend upgrading to version 0.8.1 or past commit
https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159
https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchjpeg-xl< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	jpeg-xl	< any	UNKNOWN

References

github.com/libjxl/libjxl/pull/2101

github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

launchpad.net/bugs/cve/CVE-2023-0645

nvd.nist.gov/vuln/detail/CVE-2023-0645

security-tracker.debian.org/tracker/CVE-2023-0645

www.cve.org/CVERecord?id=CVE-2023-0645

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.002

Percentile

53.4%

JSON

Related for UB:CVE-2023-0645