Lucene search

Ubuntu.comUB:CVE-2023-35790

HistoryJun 16, 2023 - 12:00 a.m.

CVE-2023-35790

2023-06-1600:00:00

ubuntu.com

libjxl

integer underflow

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.2%

JSON

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2.
An integer underflow in patch decoding can lead to a denial of service,
such as an infinite loop.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchjpeg-xl< anyUNKNOWN
ubuntu24.04noarchjpeg-xl< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	jpeg-xl	< any	UNKNOWN
ubuntu	24.04	noarch	jpeg-xl	< any	UNKNOWN

References

github.com/libjxl/libjxl/commit/d4e67a644d8babe7cb68de122d8b5ccb2ad8f226

github.com/libjxl/libjxl/pull/2551

github.com/libjxl/libjxl/releases/tag/v0.8.2

launchpad.net/bugs/cve/CVE-2023-35790

nvd.nist.gov/vuln/detail/CVE-2023-35790

security-tracker.debian.org/tracker/CVE-2023-35790

www.cve.org/CVERecord?id=CVE-2023-35790

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.2%

JSON

Related for UB:CVE-2023-35790