CVE-2023-6562
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kakadu Software Pty Ltd | Kakadu SDK | 4.4 < 8.4 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.