Bug#1055306: jpeg-xl: CVE-2023-35790
Moritz Mühlenhoff
jmm at inutil.org
Fri Nov 3 19:25:50 GMT 2023
Source: jpeg-xl
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for jpeg-xl.

CVE-2023-35790[0]:
| An issue was discovered in dec_patch_dictionary.cc in libjxl before
| 0.8.2. An integer underflow in patch decoding can lead to a denial
| of service, such as an infinite loop.

https://github.com/libjxl/libjxl/pull/2551
https://github.com/libjxl/libjxl/commit/d4e67a644d8babe7cb68de122d8b5ccb2ad8f226

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-35790
    https://www.cve.org/CVERecord?id=CVE-2023-35790

Please adjust the affected versions in the BTS as needed.

More information about the Pkg-phototools-devel mailing list