CVE-2023-0645

CRITICAL Year: 2023
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-125
View all →

Vulnerability Description

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

Related Vulnerabilities

CVE-2014-1508

CRITICAL
CVSS:9.1(Critical)

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive ...

CWE-1252014

CVE-2014-3180

CRITICAL
CVSS:9.1(Critical)

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting comp...

CWE-1252014

CVE-2016-6520

CRITICAL
CVSS:9.1(Critical)

Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

CWE-1252016

CVE-2017-0854

CRITICAL
CVSS:9.1(Critical)

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.

CWE-1252017

CVE-2017-11147

CRITICAL
CVSS:9.1(Critical)

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due t...

CWE-1252017

CVE-2017-14122

CRITICAL
CVSS:9.1(Critical)

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

CWE-1252017