PT-2021-15142 · Libjxl · Libjxl

Lovello · Published 2021-11-01 · Updated 2021-11-03 · CVE-2021-22563

CVSS v3.1: 4.5 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

libjxl versions prior to 0.6.0

Description

The issue arises from invalid JPEG XL images that can cause an out-of-bounds access on a std::vector<std::vector<T>> when rendering splines using libjxl. This out-of-bounds read access can lead to a segfault or result in rendering splines based on other process memory.

Recommendations

For libjxl versions prior to 0.6.0, upgrade to a version past 0.6.0 to resolve the issue. As a temporary workaround, consider restricting the use of libjxl for rendering splines from untrusted sources until a patch is applied.

Exploit

Fix

Buffer Over-read

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2021-22563

Affected Products

Libjxl