CVE-2023-0645

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
GoogleCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
libjxl_projectlibjxl
𝑥
< 0.8.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jpeg-xl
bookworm
no-dsa
sid
0.10.4-2
fixed
trixie
0.10.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jpeg-xl
oracular
needs-triage
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
dne
jammy
dne
focal
dne
bionic
dne
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://github.com/libjxl/libjxl/pull/2101
https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159
https://github.com/libjxl/libjxl/pull/2101
https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159