Launchpad.net

CVE 2023-0645

An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

CVE-2023-0645 (Candidate) is related to these bugs:

Bug #2062011: Please update libjxl to newest version in 24.04 to address security vulnerabilities

Summary				In	Importance	Status
	2062011	Please update libjxl to newest version in 24.04 to address security vulnerabilities		jpeg-xl (Ubuntu)	Undecided	Fix Released
	2062011	Please update libjxl to newest version in 24.04 to address security vulnerabilities		jpeg-xl (Ubuntu Noble)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.