History: Dec 20, 2023 - 1:11 p.m.

CVE-2023-6562

2023-12-20 13:11:39
CWE-22
Google
www.cve.org
cve-2023-6562
exfiltration
local files
remote files
server upload

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 37.1%

JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially crafted image that is displayed back to the attacker.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "JPEG 2000, JPX",
    "product": "Kakadu SDK",
    "vendor": "Kakadu Software Pty Ltd",
    "versions": [
      {
        "lessThan": "8.4",
        "status": "affected",
        "version": "4.4",
        "versionType": "python"
      }
    ]
  }
]
