Bug#1034722: jpeg-xl: CVE-2023-0645
Moritz Mühlenhoff
jmm at inutil.org
Sat Apr 22 18:30:16 BST 2023
Source: jpeg-xl
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jpeg-xl.
CVE-2023-0645[0]:
| An out of bounds read exists in libjxl. An attacker using a
| specifically crafted file could cause an out of bounds read in the
| exif handler. We recommend upgrading to version 0.8.1 or past commit h
| ttps://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9
| e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commit
| s/d95b050c1822a5b1ede9e0dc937e43fca1b10159
https://github.com/libjxl/libjxl/issues/2100
https://github.com/libjxl/libjxl/pull/2101
https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-0645
https://www.cve.org/CVERecord?id=CVE-2023-0645
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-phototools-devel
mailing list