Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by libjxl_project
CVE-2025-12474 (GCVE-0-2025-12474)
Vulnerability from cvelistv5 – Published: 2026-02-11 15:27 – Updated: 2026-02-11 21:41
VLAI
Title
libjxl: Uninitialized memory read in decoder due to incorrect optimization in patch handling
Summary
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory.
This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:41:29.565595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:41:40.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libjxl",
"vendor": "Google",
"versions": [
{
"lessThanOrEqual": "0.11.1",
"status": "affected",
"version": "0.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA specially-crafted file can cause libjxl\u0027s decoder to read pixel data from uninitialized (but allocated) memory.\u003c/p\u003e\u003cp\u003eThis can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A specially-crafted file can cause libjxl\u0027s decoder to read pixel data from uninitialized (but allocated) memory.\n\nThis can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas."
}
],
"impacts": [
{
"capecId": "CAPEC-44",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-44 Overflow Binary Resource File"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:27:24.118Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/pull/4495"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "libjxl: Uninitialized memory read in decoder due to incorrect optimization in patch handling",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-12474",
"datePublished": "2026-02-11T15:27:24.118Z",
"dateReserved": "2025-10-29T16:11:30.108Z",
"dateUpdated": "2026-02-11T21:41:40.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1837 (GCVE-0-2026-1837)
Vulnerability from cvelistv5 – Published: 2026-02-11 15:19 – Updated: 2026-02-26 14:44
VLAI
Title
libjxl: Out-of-bounds write in grayscale color transformation when using LCMS2
Summary
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.
This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T04:56:38.683924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:25.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/libjxl/libjxl/issues/4549"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libjxl",
"vendor": "Google",
"versions": [
{
"lessThanOrEqual": "0.11.1",
"status": "affected",
"version": "0.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA specially-crafted file can cause libjxl\u0027s decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.\u003c/p\u003e\u003cp\u003eThis can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags).\u003c/p\u003e"
}
],
"value": "A specially-crafted file can cause libjxl\u0027s decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.\n\nThis can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags)."
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123 Buffer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "CWE-805",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:19:55.442Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/issues/4549"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "libjxl: Out-of-bounds write in grayscale color transformation when using LCMS2",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2026-1837",
"datePublished": "2026-02-11T15:19:55.442Z",
"dateReserved": "2026-02-03T16:27:32.730Z",
"dateUpdated": "2026-02-26T14:44:25.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-11403 (GCVE-0-2024-11403)
Vulnerability from cvelistv5 – Published: 2024-11-25 13:08 – Updated: 2024-11-25 13:54
VLAI
Title
Out of Bounds Memory Read/Write in libjxl
Summary
There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| libjxl | libjxl |
Affected:
0.11.0 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99
(custom)
Affected: 0.10.0-2 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99 (custom) Affected: 0.9.0-3 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99 (custom) Affected: 0.8.0-3 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99 (custom) Affected: 0.7.0-1 , < 9cc451b91b74ba470fd72bd48c121e9f33d24c99 (custom) |
Date Public
2024-10-02 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T13:54:20.424817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T13:54:29.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/libjxl/libjxl/",
"defaultStatus": "unaffected",
"product": "libjxl",
"programFiles": [
"lib/jxl/jpeg/enc_jpeg_huffman_decode.h"
],
"repo": "https://github.com/libjxl/libjxl/",
"vendor": "libjxl",
"versions": [
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.11.0",
"versionType": "custom"
},
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.10.0-2",
"versionType": "custom"
},
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.9.0-3",
"versionType": "custom"
},
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.8.0-3",
"versionType": "custom"
},
{
"lessThan": "9cc451b91b74ba470fd72bd48c121e9f33d24c99",
"status": "affected",
"version": "0.7.0-1",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-10-02T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There exists an out of bounds read/write in LibJXL versions prior to commit\u0026nbsp;9cc451b91b74ba470fd72bd48c121e9f33d24c99. T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehe JPEG decoder used by the JPEG XL \u003c/span\u003e\u003cem\u003eencoder\u003c/em\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There exists an out of bounds read/write in LibJXL versions prior to commit\u00a09cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder\u00a0when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T13:08:38.280Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/commit/9cc451b91b74ba470fd72bd48c121e9f33d24c99"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of Bounds Memory Read/Write in libjxl",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-11403",
"datePublished": "2024-11-25T13:08:38.280Z",
"dateReserved": "2024-11-19T11:20:39.008Z",
"dateUpdated": "2024-11-25T13:54:29.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11498 (GCVE-0-2024-11498)
Vulnerability from cvelistv5 – Published: 2024-11-25 13:08 – Updated: 2024-11-25 13:55
VLAI
Title
Resource exhaustion via Stack overflow in libjxl
Summary
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| libjxl | libjxl |
Affected:
0.11.0 , < 65fbec56bc578b6b6ee02a527be70787bbd053b0
(custom)
Affected: 0.10.0-2 , < 65fbec56bc578b6b6ee02a527be70787bbd053b0 (custom) Affected: 0.9.0-3 , < 65fbec56bc578b6b6ee02a527be70787bbd053b0 (custom) Affected: 0.8.0-3 , < 65fbec56bc578b6b6ee02a527be70787bbd053b0 (custom) Affected: 0.7.0-1 , < 65fbec56bc578b6b6ee02a527be70787bbd053b0 (custom) |
Date Public
2024-11-20 23:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T13:54:57.173166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T13:55:13.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/libjxl/libjxl/",
"defaultStatus": "unaffected",
"product": "libjxl",
"programFiles": [
"lib/jxl/modular/encoding/dec_ma.cc"
],
"repo": "https://github.com/libjxl/libjxl/",
"vendor": "libjxl",
"versions": [
{
"lessThan": "65fbec56bc578b6b6ee02a527be70787bbd053b0",
"status": "affected",
"version": "0.11.0",
"versionType": "custom"
},
{
"lessThan": "65fbec56bc578b6b6ee02a527be70787bbd053b0",
"status": "affected",
"version": "0.10.0-2",
"versionType": "custom"
},
{
"lessThan": "65fbec56bc578b6b6ee02a527be70787bbd053b0",
"status": "affected",
"version": "0.9.0-3",
"versionType": "custom"
},
{
"lessThan": "65fbec56bc578b6b6ee02a527be70787bbd053b0",
"status": "affected",
"version": "0.8.0-3",
"versionType": "custom"
},
{
"lessThan": "65fbec56bc578b6b6ee02a527be70787bbd053b0",
"status": "affected",
"version": "0.7.0-1",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-11-20T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There exists a stack buffer overflow in libjxl.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit\u0026nbsp;65fbec56bc578b6b6ee02a527be70787bbd053b0.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There exists a stack buffer overflow in libjxl.\u00a0A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit\u00a065fbec56bc578b6b6ee02a527be70787bbd053b0."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T13:08:07.140Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/pull/3943"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Resource exhaustion via Stack overflow in libjxl",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-11498",
"datePublished": "2024-11-25T13:08:07.140Z",
"dateReserved": "2024-11-20T13:03:15.355Z",
"dateUpdated": "2024-11-25T13:55:13.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35790 (GCVE-0-2023-35790)
Vulnerability from cvelistv5 – Published: 2023-06-16 00:00 – Updated: 2024-12-17 17:02
VLAI
Summary
An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/releases/tag/v0.8.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/2551"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T17:02:15.423105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T17:02:35.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/releases/tag/v0.8.2"
},
{
"url": "https://github.com/libjxl/libjxl/pull/2551"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35790",
"datePublished": "2023-06-16T00:00:00.000Z",
"dateReserved": "2023-06-16T00:00:00.000Z",
"dateUpdated": "2024-12-17T17:02:35.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0645 (GCVE-0-2023-0645)
Vulnerability from cvelistv5 – Published: 2023-04-11 13:22 – Updated: 2025-02-07 16:32
VLAI
Title
Out of Bounds read in libjxl
Summary
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
Date Public
2023-01-31 23:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/2101"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:31:00.592408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:32:10.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Libjxl",
"repo": "https://github.com/libjxl/libjxl",
"vendor": "Libjxl",
"versions": [
{
"lessThan": "0.8.1",
"status": "affected",
"version": "0.7.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-31T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159\"\u003ehttps://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159\u003c/a\u003e"
}
],
"value": "An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit\u00a0 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 "
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T13:22:06.779Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159"
},
{
"url": "https://github.com/libjxl/libjxl/pull/2101"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out of Bounds read in libjxl",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-0645",
"datePublished": "2023-04-11T13:22:06.779Z",
"dateReserved": "2023-02-02T11:18:15.223Z",
"dateUpdated": "2025-02-07T16:32:10.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34000 (GCVE-0-2022-34000)
Vulnerability from cvelistv5 – Published: 2022-06-19 00:00 – Updated: 2024-08-03 08:16
VLAI
Summary
libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/libjxl/libjxl/issues/1477 | |
| https://security.gentoo.org/glsa/202210-36 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:15.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/issues/1477"
},
{
"name": "GLSA-202210-36",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libjxl/libjxl/issues/1477"
},
{
"name": "GLSA-202210-36",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-36"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34000",
"datePublished": "2022-06-19T00:00:00.000Z",
"dateReserved": "2022-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:16:15.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45928 (GCVE-0-2021-45928)
Vulnerability from cvelistv5 – Published: 2021-12-31 23:59 – Updated: 2024-08-04 04:54
VLAI
Summary
libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/google/oss-fuzz-vulns/blob/mai… | x_refsource_MISC |
| https://bugs.chromium.org/p/oss-fuzz/issues/detai… | x_refsource_MISC |
| https://github.com/libjxl/libjxl/issues/360 | x_refsource_MISC |
| https://github.com/libjxl/libjxl/pull/365 | x_refsource_MISC |
| https://github.com/libjxl/libjxl/compare/v0.5...v0.6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1055.yaml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/issues/360"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/365"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/compare/v0.5...v0.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState\u003cjxl::FrameDecoder::ProcessSections)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-01T16:14:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1055.yaml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/issues/360"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/pull/365"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/compare/v0.5...v0.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState\u003cjxl::FrameDecoder::ProcessSections)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1055.yaml",
"refsource": "MISC",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1055.yaml"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456"
},
{
"name": "https://github.com/libjxl/libjxl/issues/360",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/issues/360"
},
{
"name": "https://github.com/libjxl/libjxl/pull/365",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/pull/365"
},
{
"name": "https://github.com/libjxl/libjxl/compare/v0.5...v0.6",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/compare/v0.5...v0.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45928",
"datePublished": "2021-12-31T23:59:08.000Z",
"dateReserved": "2021-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:54:31.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22564 (GCVE-0-2021-22564)
Vulnerability from cvelistv5 – Published: 2021-11-01 13:10 – Updated: 2024-09-17 00:21
VLAI
Title
Out of bounds Copy in Libjxl in large image groups
Summary
For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775
Severity
4.5 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/libjxl/libjxl/pull/775 | x_refsource_MISC |
| https://github.com/libjxl/libjxl/issues/708 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google LLC | libjxl |
Affected:
unspecified , ≤ 0.6.0
(custom)
|
Date Public
2021-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/775"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/issues/708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libjxl",
"vendor": "Google LLC",
"versions": [
{
"lessThanOrEqual": "0.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T13:10:15.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/pull/775"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/issues/708"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bounds Copy in Libjxl in large image groups",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2021-10-14T20:00:00.000Z",
"ID": "CVE-2021-22564",
"STATE": "PUBLIC",
"TITLE": "Out of bounds Copy in Libjxl in large image groups"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libjxl",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.6.0"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libjxl/libjxl/pull/775",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/pull/775"
},
{
"name": "https://github.com/libjxl/libjxl/issues/708",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/issues/708"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2021-22564",
"datePublished": "2021-11-01T13:10:15.502Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:49.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22563 (GCVE-0-2021-22563)
Vulnerability from cvelistv5 – Published: 2021-11-01 13:10 – Updated: 2024-09-17 02:10
VLAI
Title
Memory Overread in libjxl
Summary
Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757
Severity
4.5 (Medium)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/libjxl/libjxl/issues/735 | x_refsource_MISC |
| https://github.com/libjxl/libjxl/pull/757 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google LLC | libjxl |
Affected:
unspecified , ≤ 0.6.0
(custom)
|
Date Public
2021-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/issues/735"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libjxl",
"vendor": "Google LLC",
"versions": [
{
"lessThanOrEqual": "0.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector\u003cstd::vector\u003cT\u003e\u003e when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T13:10:13.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/issues/735"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/pull/757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory Overread in libjxl",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2021-10-14T20:00:00.000Z",
"ID": "CVE-2021-22563",
"STATE": "PUBLIC",
"TITLE": "Memory Overread in libjxl"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libjxl",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.6.0"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector\u003cstd::vector\u003cT\u003e\u003e when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126 Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libjxl/libjxl/issues/735",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/issues/735"
},
{
"name": "https://github.com/libjxl/libjxl/pull/757",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/pull/757"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2021-22563",
"datePublished": "2021-11-01T13:10:13.942Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:10:45.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36692 (GCVE-0-2021-36692)
Vulnerability from cvelistv5 – Published: 2021-08-30 20:14 – Updated: 2024-08-04 01:01
VLAI
Summary
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/libjxl/libjxl/issues/308 | x_refsource_MISC |
| https://github.com/libjxl/libjxl/pull/313 | x_refsource_MISC |
| https://github.com/libjxl/libjxl/commit/7dfa400de… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/issues/308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/pull/313"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T20:14:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/issues/308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/pull/313"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libjxl/libjxl/issues/308",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/issues/308"
},
{
"name": "https://github.com/libjxl/libjxl/pull/313",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/pull/313"
},
{
"name": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36692",
"datePublished": "2021-08-30T20:14:39.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:58.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36691 (GCVE-0-2021-36691)
Vulnerability from cvelistv5 – Published: 2021-08-30 19:53 – Updated: 2024-08-04 01:01
VLAI
Summary
libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/libjxl/libjxl/issues/422 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:57.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libjxl/libjxl/issues/422"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T19:53:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libjxl/libjxl/issues/422"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libjxl/libjxl/issues/422",
"refsource": "MISC",
"url": "https://github.com/libjxl/libjxl/issues/422"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36691",
"datePublished": "2021-08-30T19:53:47.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:01:57.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27804 (GCVE-0-2021-27804)
Vulnerability from cvelistv5 – Published: 2021-03-02 00:30 – Updated: 2024-08-03 21:33
VLAI
Summary
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://gitlab.com/wg1/jpeg-xl/-/tags | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/03/01/3 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2021/Mar/2 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/161623/jpeg-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wg1/jpeg-xl/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/3"
},
{
"name": "20210302 Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Mar/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161623/jpeg-xl-0.3.1-Memory-Corruption.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T17:06:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wg1/jpeg-xl/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/3"
},
{
"name": "20210302 Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Mar/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161623/jpeg-xl-0.3.1-Memory-Corruption.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/wg1/jpeg-xl/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/wg1/jpeg-xl/-/tags"
},
{
"name": "http://www.openwall.com/lists/oss-security/2021/03/01/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/3"
},
{
"name": "20210302 Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Mar/2"
},
{
"name": "http://packetstormsecurity.com/files/161623/jpeg-xl-0.3.1-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161623/jpeg-xl-0.3.1-Memory-Corruption.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27804",
"datePublished": "2021-03-02T00:30:58.000Z",
"dateReserved": "2021-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:33:15.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}