CVE-2023-0645

CRITICAL9.1EPSS 0.17%

jpeg-xl - security update

Published: 4/11/2023Modified: 4/28/2026

Description

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

Affected packages (2)

Debian/jpeg-xlfrom 0, < 0.7.0-10+deb12u1
Debian/jpeg-xlfrom 0, < 0.7.0-10+deb12u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-0645