CVE-2023-35790

Опубликовано: 16 июн. 2023

Источник: debian

Описание

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jpeg-xl	fixed	0.8.2-1	experimental	package
jpeg-xl	fixed	0.8.2-4		package
jpeg-xl	no-dsa		bookworm	package

Примечания

https://github.com/libjxl/libjxl/pull/2551
https://github.com/libjxl/libjxl/commit/d4e67a644d8babe7cb68de122d8b5ccb2ad8f226

Связанные уязвимости

CVE-2023-35790

CVSS3: 7.5

ubuntu

около 2 лет назад

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

CVE-2023-35790

CVSS3: 7.5

redhat

около 2 лет назад

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

CVE-2023-35790

CVSS3: 7.5

nvd

около 2 лет назад

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

openSUSE-SU-2023:0161-1

suse-cvrf

почти 2 года назад

Security update for libjxl

ROS-20230627-02

CVSS3: 7.5

redos

почти 2 года назад

Уязвимость libjxl