CVE-2023-6562

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 20, 2023

Updated: Dec 28, 2023

CWE ID 434

CWE ID 22

Summary

CVE-2023-6562 is a vulnerability affecting Kakadu 7.9, an image rendering library. The issue lies within the JPX Fragment List (flst) box feature. An attacker can take advantage of this flaw to exfiltrate local and remote files accessible by a server, by uploading a maliciously crafted image. Upon displaying the image back to the attacker, the server unintentionally transmits the targeted files, creating a potential data leak.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ttkW1N
https://www.cve.org/CVERecord?id=CVE-2023-6562
https://nvd.nist.gov/vuln/detail/CVE-2023-6562

Back to Vulnerability Database

CVE-2023-6562

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations