CVE-2023-35790 — Vulnetix

CVE-2023-35790 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.

EPSS 0.08% · 22.7th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.08%

22.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
libjxl_project	libjxl	0

Timeline

Jun 16, 2023 CVE Published
Jun 17, 2023 EPSS Score
Jul 22, 2023 EPSS Score
Aug 27, 2023 EPSS Score
Oct 1, 2023 EPSS Score
Nov 6, 2023 EPSS Score
Dec 11, 2023 EPSS Score
Jan 15, 2024 EPSS Score
Feb 20, 2024 EPSS Score
Mar 26, 2024 EPSS Score
Apr 30, 2024 EPSS Score
Jun 5, 2024 EPSS Score

References

https://github.com/libjxl/libjxl/releases/tag/v0.8.2 url
https://github.com/libjxl/libjxl/pull/2551 url
https://nvd.nist.gov/vuln/detail/CVE-2023-35790 advisory

Open in Interactive Console →