{"id":"UBUNTU-CVE-2023-0645","details":"An out of bounds read exists in libjxl. An attacker using a specially crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159","modified":"2026-04-22T16:31:26.281735Z","published":"2023-04-11T14:15:00Z","related":["USN-7637-1"],"upstream":["CVE-2023-0645"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0645"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-0645"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7637-1"}],"affected":[{"package":{"name":"jpeg-xl","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/jpeg-xl@0.7.0-10.2ubuntu6.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.0-10.2ubuntu6.1"}]}],"versions":["0.7.0-10ubuntu2","0.7.0-10.2ubuntu1","0.7.0-10.2ubuntu4","0.7.0-10.2ubuntu5","0.7.0-10.2ubuntu6"],"ecosystem_specific":{"binaries":[{"binary_version":"0.7.0-10.2ubuntu6.1","binary_name":"libjpegxl-java"},{"binary_version":"0.7.0-10.2ubuntu6.1","binary_name":"libjxl-devtools"},{"binary_version":"0.7.0-10.2ubuntu6.1","binary_name":"libjxl-tools"},{"binary_version":"0.7.0-10.2ubuntu6.1","binary_name":"libjxl0.7"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-0645.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}