Bug 2215240 (CVE-2023-35790)

Summary: CVE-2023-35790 libjxl: integer underflow leading to infinite loop
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abobrov, jhorak, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2220852, 2220853, 2220854, 2220855, 2220856, 2220857    
Bug Blocks: 2215249    

Description Sandipan Roy 2023-06-15 06:57:45 UTC 
"### Changed
 - Security: Fix an integer underflow bug in patch decoding. (#2551)"

Please bump to 0.8.2.

https://github.com/libjxl/libjxl/releases/tag/v0.8.2
Comment 4 Jan Horak 2023-07-17 08:32:18 UTC 
Upstream bug regarding library rebase: https://bugzilla.mozilla.org/show_bug.cgi?id=1837862
Comment 5 Tomas Popela 2023-07-20 09:16:45 UTC 
Quoting reply from upstream - https://bugzilla.mozilla.org/show_bug.cgi?id=1837862#c8:

> The libjxl should only be built on nightly, so anything that is not nightly should be unaffected.

We've updated the list of bundled libraries (which we automatically generate when doing the major Firefox/Thunderbird rebase) to remove libjxl from it. It will be part of the Firefox / Thunderbird 115.x builds.