CVE-2023-35790

Опубликовано: 15 июн. 2023

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

Отчет

Add the statement: This CVE is under investigation by Red Hat Product Security.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 8	firefox	Not affected
Red Hat Enterprise Linux 8	thunderbird	Not affected
Red Hat Enterprise Linux 9	firefox	Not affected
Red Hat Enterprise Linux 9	firefox:flatpak/firefox	Not affected
Red Hat Enterprise Linux 9	thunderbird	Not affected
Red Hat Enterprise Linux 9	thunderbird:flatpak/thunderbird	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=2215240libjxl: integer underflow leading to infinite loop

EPSS

Процентиль: 22%

0.0007

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-35790

CVSS3: 7.5

ubuntu

больше 2 лет назад

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

CVE-2023-35790

CVSS3: 7.5

nvd

больше 2 лет назад

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

CVE-2023-35790

CVSS3: 7.5

debian

больше 2 лет назад

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0. ...

openSUSE-SU-2023:0161-1

suse-cvrf

больше 2 лет назад

Security update for libjxl

GHSA-c693-jh58-c8cm

CVSS3: 7.5

github

больше 2 лет назад

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

EPSS

Процентиль: 22%

0.0007

Низкий

7.5 High

CVSS3