PT-2023-32693 · Kakadu

Author: Amlweems +3 · Published 2023-12-20 · Updated 2023-12-28 · CVE-2023-6562

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Kakadu version 7.9
Description: The issue allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially crafted image that is then displayed back to the attacker. The vulnerability lies in the handling of the JPX Fragment List (flst) box.
Recommendations: For Kakadu version 7.9, consider restricting image upload capabilities to trusted users or disabling the display of user-uploaded images until a patch is available. As a temporary workaround, restrict access to sensitive files and directories on the server to minimize the risk of exploitation.
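A defensive pre-render check a server could run on uploaded JP2/JPX images, added here as an example and not part of this advisory or of Kakadu: it walks the box structure and reports every Fragment List (flst) entry whose data reference is non-zero, i.e. one that refers to a 'dtbl' data-reference entry instead of the uploaded file itself, so such uploads can be rejected before any decoder touches them. The box layouts are assumed from ISO/IEC 15444-2, and sample_file() builds a constructed minimal file for testing.

```python
import struct
from typing import Iterator, List, Tuple
# Assumed layouts (ISO/IEC 15444-2, JPX): box = LBox(4) TBox(4) [XLBox(8) when LBox == 1].
# 'flst' payload = NF(2) then NF x (OFF(8), LEN(4), DR(2)); DR == 0 means the fragment is
# in this file, any other DR indexes the 'dtbl' box, which can name an external file or URL.
SUPERBOXES = {b"jp2h", b"ftbl", b"jplh", b"jpch", b"asoc"}  # containers that may hold flst

def iter_boxes(data: bytes, start: int, end: int) -> Iterator[Tuple[bytes, int, int]]:
    """Yield (type, payload_start, payload_end) for each box in data[start:end]."""
    pos = start
    while pos + 8 <= end:
        lbox, tbox = struct.unpack_from(">I4s", data, pos)
        hdr = 8
        if lbox == 1:                      # extended 64-bit length follows
            (lbox,) = struct.unpack_from(">Q", data, pos + 8)
            hdr = 16
        elif lbox == 0:                    # box runs to the end of its container
            lbox = end - pos
        if lbox < hdr or pos + lbox > end:
            raise ValueError(f"malformed box {tbox!r} at offset {pos}")
        yield tbox, pos + hdr, pos + lbox
        pos += lbox

def external_fragments(data: bytes) -> List[Tuple[int, int, int]]:
    """Return (offset, length, dr) for every flst fragment whose data reference is not 0."""
    found = []
    def walk(start: int, end: int) -> None:
        for tbox, pstart, pend in iter_boxes(data, start, end):
            if tbox == b"flst":
                (nf,) = struct.unpack_from(">H", data, pstart)
                if pstart + 2 + 14 * nf > pend:
                    raise ValueError("flst box shorter than its fragment count claims")
                for i in range(nf):
                    off, ln, dr = struct.unpack_from(">QIH", data, pstart + 2 + 14 * i)
                    if dr != 0:
                        found.append((off, ln, dr))
            elif tbox in SUPERBOXES:
                walk(pstart, pend)
    walk(0, len(data))
    return found

def box(tbox: bytes, payload: bytes) -> bytes:
    """Build a box with a 32-bit length header (helper for the constructed sample)."""
    return struct.pack(">I4s", 8 + len(payload), tbox) + payload

def sample_file(dr: int) -> bytes:
    """Constructed minimal JPX-style file whose single fragment uses data reference dr."""
    flst = box(b"flst", struct.pack(">H", 1) + struct.pack(">QIH", 0, 4096, dr))
    return box(b"jP  ", b"\r\n\x87\n") + box(b"ftyp", b"jpx \x00\x00\x00\x00jpx ") + box(b"ftbl", flst)
```

A non-empty result from external_fragments() is reason enough to refuse the upload; a file with no flst box or with only in-file fragments (DR 0) returns an empty list.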

Weakness Enumeration: Unrestricted File Upload, Path traversal

Related Identifiers: CVE-2023-6562, GHSA-G6QC-FHCQ-VHF9

Affected Products: Kakadu