Vulnerability Details CVE-2023-6562
JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.5%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-6562
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:4.4
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:4.5
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:5.0
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:5.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:5.2
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:6.0
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:6.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:6.2
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:6.3
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:6.4
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:6.4.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.0
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.10
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.10.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.10.2
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.2
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.2.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.2.2
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.3
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.3.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.3.2
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.4
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.5
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.6
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.7
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.8
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.9
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:7.9.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:8.0.1
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:8.0.2
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:8.0.3
-
cpe:2.3:a:kakadusoftware:kakadu_sdk:8.4