MEDIUM🇬🇧 English

CVE-2024-11498

CVSS 6.9v4.0pub. 2024-11-25upd. 2025-07-23

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Libjxl Project Libjxl

    APP
    Libjxl Project
    < 0.8.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2021-27804CRITICAL9.8ten sam produkt

JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.

CVE-2026-1837HIGH8.7ten sam produkt

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. S...

CVE-2023-35790HIGH7.5ten sam produkt

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decod...

CVE-2021-36691HIGH7.5ten sam produkt

libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When en...

CVE-2024-11403MEDIUM6.9ten sam produkt

There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33...